Navigating the Future of Cryptography and Blockchain with Dr. Sushmita Ruj
The Quantum State, March 18, 2024 (57:00)

In this episode of The Quantum State, we dive deep into the nexus of quantum computing and blockchain technology, unraveling the complexities and future directions in this dynamic field. Host Anastasia Marchenkova, alongside co-host Dr. Peter Rohde, engages with guest expert Dr. Sushmita Ruj to explore the evolving landscape shaped by quantum advancements and cryptographic challenges.

🔗 Discussion Points:

The Quantum Threat to Cryptography:

Quantum Computing's Impact: Analyzing how the advent of quantum computing poses a significant threat to traditional cryptographic methods and the urgent need for post-quantum solutions. 🌐

Advancing Towards Quantum-Resistant Blockchains:

Blockchain Integration: Delving into the integration of cryptography within blockchain technology and the pathways to achieving quantum resistance. 🔑

Challenges and Migration: Discussing the challenges faced in migrating blockchains to post-quantum cryptography and the potential solutions. 🛡️

Collaborative Efforts in Quantum and Cryptography:

Interdisciplinary Collaboration: Highlighting the importance of collaboration between quantum scientists and cryptographers to develop secure, future-proof systems. 💰

Educational Outreach: Addressing the need for increased education and awareness in bridging the gap between quantum computing and cryptography communities. 🖥️

Looking Ahead: The Future of Quantum-Resistant Technologies:

Hybrid Cryptography: Exploring the role and effectiveness of hybrid cryptography systems as a transitional solution towards complete quantum resistance. 🔑

Innovative Solutions and Standardization: Examining the latest advancements in post-quantum cryptography and the importance of standardizing these solutions for global security. ⚠️

Predictions for the Near Future:

Post-Quantum Landscape: Speculating on the future developments in post-quantum cryptography, the migration of blockchain technologies, and the overarching impact on digital security. 🌐

Join us in this enlightening discussion with Dr. Sushmita Ruj as we navigate the critical junction of quantum computing, cryptography, and blockchain technology, shedding light on the challenges, solutions, and future prospects. ✨

Dr. Sushmita Ruj on LinkedIn: https://www.linkedin.com/in/sushmitaruj/

https://www.unsw.edu.au/

[00:00:00] Welcome to The Quantum State, a podcast exploring the latest research and innovation in quantum computing.

[00:00:06] Join us as we dive into groundbreaking breakthroughs, trends and news shaping the quantum landscape.

[00:00:31] Welcome back to The Quantum State. Today we have Dr. Sushmita Ruj, Faculty of Engineering Lead at University of New South Wales Institute for Cybersecurity.

[00:00:41] So you and I were recently on a panel at Quantum Australia and so we had the pleasure to discuss a lot of these things already.

[00:00:48] But first for everyone here, tell us a little bit more about yourself and how you got into the blockchain space.

[00:00:55] It's a pleasure and stress here to be here. Thanks for inviting me and we did have a great panel last time, so it's really great to be here again.

[00:01:05] So I am with the School of Computer Science and Engineering at the University of New South Wales.

[00:01:13] I am an academic and as well as I lead the Engineering Faculty that it comes to the Institute for Cybersecurity, even as a University of Cybersecurity, if cyber.

[00:01:26] As I'm primarily trained computer scientists, I've been into cryptography since my PhD, almost you know, no more than 10 years.

[00:01:38] I've been doing cyber security mostly from the cryptographic side of things and I've looking various domains and has been during lectures for since I think 2014.

[00:01:54] And at that time it was just the two ends and not as much of the blockchain that we see as of now.

[00:02:04] And it started pretty well. I stuck to it, I still do blockchain research and very invested in what's happening around the same time.

[00:02:12] I'm very much invested in that was once in cryptography, I asked off which I started a few years back.

[00:02:19] But in general all these exciting, I can relate and I'm really looking forward to talk to you this podcast.

[00:02:27] Yeah, and this is actually very timely because we're at all time highs for Bitcoin right now as we're filming this episode will later when it comes out.

[00:02:36] But very timely there's a lot of really interesting new things in the press about the post quantum cyber security, Signal, iMessage, so very excited to dive in more with you.

[00:02:46] Great.

[00:02:48] Could you tell us in your opinion and this is a question that obviously we've asked many other people before.

[00:02:56] What is the threat of quantum computing to current cryptography, but building upon that.

[00:03:01] What is it about this new generation of post quantum cryptography that makes us believe or have confidence that a similar kind of attack isn't going to turn up in the future?

[00:03:14] Okay, so if you want to go back and see how cryptography is designed, cryptography algorithms are designed and why they're secure.

[00:03:26] You have to go back and think look back and see that many of these cryptographic algorithms are based upon certain hard assumptions.

[00:03:36] And the problem that quantum computing, the threat that quantum computing brings here is that many of these assumptions and if it not hold anymore.

[00:03:46] So that essentially breaks the crypto systems and it's not so well cryptographic algorithms only a class of cryptographic algorithms mostly the public algorithms.

[00:03:58] What happens is that some of the algorithms are what are affected by these quantum computers because underlying security assumptions are broken.

[00:04:11] And that is why we see a lot of discussion and a lot of effort going into moving to post quantum cryptography.

[00:04:22] So to say in a few words that you know we have these assumptions being broken by quantum computers.

[00:04:29] And that's why it is a big challenge at this point of time to design algorithms that are quantum safe and just design algorithms but also see how it fits with applications that use cryptographic algorithms and how these algorithms, these protocols have to be tailored.

[00:04:49] And so that these algorithms are not only connected for these applications, but for these applications so that these can be integrated seamlessly as well as you know have comparable performance.

[00:05:04] So when you say the underlying assumptions get broken here you're referring to things like the assumption that integer factorization can't be completely.

[00:05:13] That's a very good question so a lot of algorithms have been there for a very long time and you know does most family proof that it's not going to be broken but it's a belief that's actually that actually these lattice algorithms would be safer but there's no formal proof at this point of time.

[00:05:39] So you know we have been looking into lattices for some time, leaving the community and it has been there for a few decades now.

[00:05:49] You know we are interested to explore more into lattice based algorithms.

[00:06:01] So in time you talked about hash based algorithms now hash based when it comes to hash hash functions and the security of these hash functions and you think of the quantum threats.

[00:06:13] There's actually a subtle thing that we have to understand that the hash functions or symmetric key cryptographic primitives and for those algorithms you need to be able to do you know the attacker typically does a search and the main fashion is that.

[00:06:30] So that's quickly and quantum the quantum the only challenge is that the symmetric key algorithms if you improve the key sizes and you know by actually two then what happens is that you have to like extend the length of the keys to be able to make them secure so with existing algorithms hash algorithms or symmetric.

[00:06:56] You have to worry about changing the algorithm but yeah you do have to worry about you know the key lengths and that is why you know the hash based signatures are becoming so popular and symmetric key primitive based you know post quantum algorithms are becoming so popular because you can still retain the algorithm and but change the parameters.

[00:07:22] But you know the public key algorithms you have to change the algorithms altogether so that's that's what it is.

[00:07:30] Right so based on what you're saying is it fair to summarize that by saying that our belief in the security of for example lattice based crypto is the test of time and that's it.

[00:07:43] What I would say that the there is this you know since it's not fully proven to be secure so there's this still you have to give a benefit of doubt I would say and that is why if you're looking to the standardization process after the first you know the finalist some of the finalists were announced.

[00:08:11] There's still for more algorithms which are non lattice based algorithms so that is the reason why we are looking into alternate solutions and to be believed that that's the way forward we would not have just lattices or just symmetric key based or just you know a certain based algorithms but we would have a range of algorithms so that you know we have some backups if something does not work.

[00:08:40] So I want to dive a little bit deeper into the blockchain side right like I mentioned at the beginning we talked about these messaging apps being upgraded which is really great because I post on Twitter recently like hey you know would you use a consistent app if you had one and everyone was like yes and they didn't realize Signal was already out there right so it's really good enterprises are moving forward on that and the upgrades are fairly simple in some way right like obviously we have to get the right cryptography algorithm.

[00:09:08] But blockchains are very different so can you talk a little bit about where the cryptography is entering into blockchains and why they're different and perhaps harder to operate yeah that's a very good question because if you think of blockchains there are different types of cryptography algorithms that are using blockchains.

[00:09:28] So one of them is hash functions and this is typically you know hash functions that typically use to ensure that immutability property in blockchains which means that if I change the hash of the pack then you have to change all the corresponding you know all the subsequent blocks which is rather difficult because your data the blockchain data or the blockchain is maintained by so many peers in their system.

[00:09:55] So you know changing the hash is one thing or you know hash functions is one thing but the other very important to you know cryptography primitive that is used as you know signatures and this is used for authenticating that yes I mean I'm the one was making the transaction or I'm the one who is you know proposing the block so signatures are very useful in.

[00:10:24] In blockchains and those signatures are mostly ECDSA or you know other algorithms which are going to quantum attacks and that's the fear so you know there are many other.

[00:10:42] Cryptographic algorithms that are used for privacy and you know other reasons in the design itself which are again problematic scenario that overall I feel that signatures specifically is very important part of the component of a blockchain that will be will make it serious create a serious problem for blockchain with them when the quantum computers arrive.

[00:11:12] How does it work when you want to migrate a blockchain to post quantum cryptography we've got basically all the existing ones some of them have sort of upgrade ability built into them like Ethereum did this was difficult was a big challenge but they called it off.

[00:11:29] Some not so easy to migrate like what's the best way to approach this yeah so the values of not easy to migrate maybe I'll talk about that.

[00:11:39] So what happens is that when you have these you know even before migration if you think of the blockchain the blockchain code is essentially in all the the p&o's were you know hosting the blockchain or evaluating the transactions and this code has to be changed if you have to update a signature for example.

[00:12:04] And what happens is that if you know try to do this what it means is that you know your software you have to upgrade your software and this is not a very easy process given that you know there would be many you know peers in the network and there has to be so that's one part of it the other part of it is that you have to create a hard fork in the network which is rather you know.

[00:12:33] I would say not impossible because we have seen the case in Ethereum as you mentioned Peter but it's it needs a consensus or you know some agreement within the community and then seamless migration.

[00:12:49] Or you know between the two versions of Ethereum so that's actually a big challenge so if you need to convince the community that yeah I mean we will be going for this and then once you have this thing that needs to be a lot of testing a lot of you know.

[00:13:10] There's a lot of evaluation to be done before this is declared because you know blockchains have amongst other things the most important thing is that they have lots to do with money and we have to be extra extra careful when we you know discuss blockchains so that's that's actually a big issue when it's then you think of migration are the other issue is that what's going to be the speed of the blockchain if you.

[00:13:39] So you know adopt these algorithms would be you know would it be comparable would it make them slower so these are our professions to ask if when you're trying to migrate to post quantum blockchain and in the discussion at various levels but you have very important for the technical level but also whether that is acceptable to the community.

[00:14:05] So there's like you mentioned with Ethereum Ethereum is now putting out a quantum resistant roadmap I ought to try back early in the day they were one of the probably one of the first time i'm going to claim that to say you know we're using quantum resistant algorithms but then they got hacked and they kind of went back on that.

[00:14:29] So what do you feel like is happening right now in the community right so if you're smiling moving forward like you mentioned right there needs to be consensus so I personally am a little bit worried about Bitcoin generally just because that consensus in the community is much harder to get but what's really happening in the blockchain community are.

[00:14:46] Just waiting for other chains to make the first move or what are they waiting for and what are they waiting for faster speeds what are they waiting for to actually transition to PQC.

[00:14:56] Yeah so you know something that many levels and one of the levels is that designing primitives that are needed in the blockchain protocol so for example verifiable random functions so these form a very important component of certain consensus algorithms for example in Algorand now if you think of this verifiable random function you have to have a post quantum version of it as well.

[00:15:26] It's just in the consequences of process itself so we did some work with a lot of space term verifiable random functions so that you know this could be at some point of time so these sort of efforts would be able to be plugged in when we think of migrating to that suppose quantum.

[00:15:44] Blockchain so one of the things that the community is doing is developing our primitives that are you know that are used currently using blockchains that have don't have that post quantum variant.

[00:15:59] That's one thing but the other thing is that even if you have a post quantum variant and the questions are performance wise as I mentioned you know this this could be a performance bottleneck sometimes that it would also be you know.

[00:16:13] Computation wise or maybe the size wise this these things could be quite expensive to maintain and that might degrade the overall performance of the blockchain and also affect the scalability of blockchain so that's a thing that is a big concern so when we are trying to design all these primitives or you know post quantum primitives we have to be mindful of you know the performance as well.

[00:16:42] Security as well as performance the other thing that's there's something that have been seen in the community which is really very nice to see and I love it very much is that of you know a small issue because as you mentioned scalability scalability is something very important and we are seeing a lot of.

[00:17:05] You know a lot of things going around in layer two blockchains which are many of these are based upon zero knowledge proofs for example and in that case as well we see a lot coming up with post quantum zero knowledge proofs and you know stuck there is a very classic examples but there are you know many other efforts that are.

[00:17:31] The time at the moment and as is as mentioned you know the blockchain privacy becomes very critical so naturally zero knowledge proofs not just scalability but also from the privacy perspectives this become very important so on one hand you are designing these protocols but also checking that these are compatible with what we have at the moment or if even if it's not compatible how to make that and.

[00:18:01] Sure the compatibility and ensure that we have performance you know at least comparable performance so performance might not be higher than what we have right now with just plugging in the algorithms but again is it comparable or if it is not how much what have I got to do with it so essentially there's working several levels it's at the level of the protocol design at the level of implementation.

[00:18:31] Not has to be taught us when it comes to implementation and it's because you know the size blow up for example in signatures so you would need you know the communication overhead goes up or you know the network traffic increases so there's lots to really think about when we are migrating towards the post quantum you know blockchains.

[00:18:59] Yes it's an interesting point you raise about interoperability because people often forget that the blockchain isn't a blockchain it's a whole ecosystem of interacting blockchains with all sorts of advanced interactions and smart contracts and inter-ledger transactions.

[00:19:18] And it's not necessarily the case that if the black the blockchain where you're operating on is post quantum secure that's not necessarily the end of the story if that blockchain is interacting with independent upon other blockchains or as you mentioned a random oracle that may not have migrated so how robust can you actually be if we're not just talking about a simple blockchain that just stores money like Bitcoin but something advanced that.

[00:19:46] It just integrates with other oracles and ecosystems and smart contracts what do you do that.

[00:19:52] It's a very difficult question honestly I mean you know if you think of the internet itself you know it's like a very I would say it's a philosophical session as well like you know if you are thinking of the internet and when you're thinking also migrating in the internet itself you know there's so many bits and pieces to be put together

[00:20:14] and tried and tested and then you know so many applications that are affected so it's like you know this post quantum migration is really going to be of extremely tedious process it's going to be an extremely you know what did I say it's going to be it's going to be a process which would involve not just not just the technical.

[00:20:43] The technical people it has to go over and beyond technological advancement so it has to you know we're bringing the community as a whole when I talk about the community it's like you know the technology of the people business people the policy makers and that's very important so for example you know as in the blockchain and I want to interact with some other you know some other say external entities so for example you know I'm I'm in the.

[00:21:12] I mean and I have to get the data feed so what sort of let's look at things are going to happen and what sort of support I'm getting and to enable this transition and whether so for example if there are if this if I have nothing to you know nothing said that and first that and first is a first is me to transition to post quantum I might want to maintain my status quo and just do my business as usual.

[00:21:42] And really I use a few customers it really might not matter to me but you know if you think of the system as a whole maybe you know it's it's it's it's it has to you have to have the conversation from the policy people to figure out you know what sort of regulations should be we should be put forward so that you know post quantum you know the transition is kind of is it's made mandatory and under what circumstances should it be mandatory and.

[00:22:12] And what should we do and how should we enforce this transition is also something that is currently being discussed throughout the world and there are.

[00:22:25] I believe and I might be wrong here look and you know also in the US there are some legislation that are actually.

[00:22:35] Trying to enforce that you know organizations should have migration strategy and and you know must start making it as an important agenda in their business so it's actually a problem that means you know separate from.

[00:22:57] Science and has to you know does let us conversation has to be around this problem and of course the technical as a technical person I mean I might not be.

[00:23:09] What would I say like might not have that say in the in the policies policy planning that yeah I mean we have to kind of.

[00:23:19] Make the community understand what's the risk and vulnerability and how do we you know make this transition.

[00:23:27] Earlier on Anastasia mentioned that, um, Apple iMessage is making a transition to post quantum cryptography, Signal recently did the same thing, I think OpenSSH, the tunneling.

[00:23:39] So I think that's what I think is the same thing.

[00:23:49] And what all of them are doing all of those ones that I mentioned and not just substituting that initially going to double encryption so you've got the previous generation encryption with the new generation top of it.

[00:23:59] A very long term migration path potentially and especially in that migration period where you're double encrypting you've gotten even bigger issue with like memory and speed overheads and signature sizes so it's considerably something that's going to be not a very straightforward migration path is start with the old generation.

[00:24:20] So that's the generation cryptography will use both and then at some point in the future go to just using the one once we're confident in it right.

[00:24:28] Yes so hybrid cryptography I mean this that's going to be the same time till we are very sure which algorithm would stand the test of time and what to use in the future.

[00:24:42] I believe that's actually a very good you know we are going forward because you know if we have just you know have some I said I'm you know algorithm's first quantum algorithms and we have tried to plug them in.

[00:24:57] Yeah that's that's that might after a while and we have seen this with some of the algorithm especially I think it was was it SIKE so yeah I mean one of the algorithms which was which was actually broken one of the.

[00:25:25] Which was which was broken very quickly essentially showed us that you know we we have to take it slowly even though it means that we will be using on the performance for a while but you know we we have to understand that the security would be paramount because you know if you try to if you look at you know the most by this attacks happen and then you know you could actually do.

[00:25:54] So how does now to create a kind of an attack then you know those sort of things are really very scary so it's it's definitely going to be a bit performance wise it might be not as effective and that would be other challenges as well.

[00:26:14] Like you might have to have you know you have to break the pockets up and then that might cause errors so you have to do the retransmission and all those are real big challenges that we will be facing but at the same time you know we have to do it for if we have to make things secure yeah so it's also.

[00:26:37] When you're saying there like resending packets that you're referring to things that like the TCP/IP stack level where the whole protocol needs to be updated accordingly to accommodate for errors in the in the new form of encryption.

[00:26:54] The changes in latencies and whatever those expected overheads might be.

[00:26:59] Yeah yeah yeah yeah and there's actually a lot of work going as well like you know even with the hybrid encryption like how do you actually operate and how do you incorporate these separate example signatures into the into the Internet track protocols to be able to to to migrate to the platform.

[00:27:24] So it's not going to be a very plug and play kind of an approach but it's absolutely much more deported technical challenges a lot of things have to be considered at the network level at the systems level and also this would involve very interesting you know research questions at least for us researchers it's very lovely time to be in this space.

[00:27:50] Yeah there was a blog post this morning that just came out on the Cloudflare blog that's had about 2% of key connections right now are PQC encrypted already which honestly to me sounded that was more than I thought it would be I thought we say 2% 2%

[00:28:07] which I honestly thought was a little high at this point but that's great to see a moving forward right so it's great to see people thinking on that level of security and I probably Cloudflare was down this morning when the blog post came out so that was also not great timing.

[00:28:26] You know all the juxtap quantum computers attacking them right now definitely happened.

[00:28:31] On this on this issue the people who are making these early transitions at this point they're doing so preempting the NIST standardization process they're making this migration before it's actually been standardized what the protocols are.

[00:28:48] Is that because we can be already very confident that the current candidates are going to be the standardized one or is there the risks that the people making the early migration could get it wrong and say damn now I have to make another migration all over again to the proper standardized version.

[00:29:07] So as far as my understanding goes many of these algorithms I mean so for example CRYSTALS-Kyber or maybe Dilithium these are actually certified by NIST now so definitely most of the transition is happening with the standardized ones like that when that's the same thing sets you know in the standardization process at the moment.

[00:29:33] But to get started somewhere I think that's a that's a very good idea to actually take these and for you know it's standardized ones at the moment and try to incorporate them in the protocols.

[00:29:54] But as in when we see your algorithms we might essentially see them being integrated and tested as well so yeah I mean and some somewhere you have to start and you know this is what's happening and these are like big players who are actually doing this thing so that you know if there is very something wrong they can go and fall back and you know.

[00:30:23] I build it up from there so it's I think that's a it's a well calculated risk that these organizations are taking and i'm i'm very much in favor of that taking well calculated risk and because ultimately we have to move so it's better start now then you know.

[00:30:43] Yeah so particularly for the financial industry right when we're talking about money things are getting even more intense hours now a decryplator you know I don't have too many national secrets that the world you know will collapse if my texts are taken over but there's a lot of those things out there and obviously you know money is a big one.

[00:31:04] Especially talking about Bitcoin and you know potential factors that they have you know a different different technology that they need to think about to do that transition.

[00:31:16] What do you what do you think so I think the first question here is there's been a few blockchains that are quantum resistant from the beginning, QRL, there's a few more.

[00:31:26] Is there a benefit right now because as we're talking about this right we're looking at these algorithms and we're saying well maybe they're not going to be secure forever is that actually a benefit to build a quantum native right now or does it really not matter whether you are kind of on an old cryptographic system because you feel like those new algorithms will be dead at some point anyway.

[00:31:48] That's a very good question and I'm not sure what might be the right approach and you know and and you know the company is going to be taking different approaches depending upon how much risk appetite do they have and how much you know they can spend on this transition.

[00:32:15] So for example you know if there are feedback options and you know the root essentially take that risk and start the migration and start the process better.

[00:32:26] And a lot of these companies are waiting to see which primitives and protocols are going to be standardized and then start this migration and I think it's a it's a very hot off plan.

[00:32:41] I'm listening until you know that's yeah I mean we have to start so that at least a mindset should be there and try to incorporate hardware then set the moment which are which are more towards this quantum which are quantum variants is a good idea.

[00:33:00] That's yeah I mean waiting to see the outcome of the standardization and as we speak there is what happening in the ZK standardization process as well.

[00:33:13] So you know it's it's it's a most standardization and also you know other standardizations that are if you have to be looking at to make a judgment what might be the one for that but that's not the right approach.

[00:33:30] So I think yeah it's going to be a very interesting thing to see like how the blockchain ecosystem is evolving and i'm really excited to see what's going what's going to happen in the next couple of years maybe.

[00:33:50] Yeah I'm actually really curious to see I think yesterday or maybe the day before BRICS announced that they're going to be building a digital currency right so I wonder if they're going to build it.

[00:34:03] Quantum native from scratch right the first kind of I don't know if it's the first actually I don't know if you know about this the first intercountry currency something like that I'm.

[00:34:15] What the project line is.

[00:34:19] Is this for like international finance backbone for the BRICS countries at the government.

[00:34:25] I saw tweet yeah Brazil, Russia, India, China, Saudi or South Africa.

[00:34:31] Saudi, yeah Saudi UAE I think joined recently.

[00:34:36] So they're looking at a currency to build which is really interesting considering what's going on in the US right now right you have all these senators especially right now all time highs you know all these senators going no Bitcoin's dumb you know don't use it you know we're going to make it illegal and.

[00:34:55] You know the other side of the world is going nope we're just going to build our own.

[00:35:00] It's interesting how those dynamics work as well because there were two interesting cases in particular firstly just as the war between Ukraine and Russia was starting Ukraine I believe legalized cryptocurrencies as an official payment mechanism.

[00:35:20] That was an interesting consideration providing effectively a fallback mechanism for trade in the eventuality that there's a monetary crisis from conflict and there was another interesting one not related to legalization but in Venezuela I think it was there was.

[00:35:39] A strong correlation between daily Bitcoin volume and and the monetary problems in the country at the time.

[00:35:49] So it seems very sensible the governments would be thinking formally about what's the best way to accommodate this is a potential waiver is hedging against risks yeah and even on the on the other side of I heard so that when the Taliban took over women can get bank accounts anymore and so crypto spiked because.

[00:36:10] That's all the women had to use in that country at that point so it's been very interesting to see this is such a backbone of our financial system now.

[00:36:20] That would be an interesting outcome if as a consequence all of the women ended up way richer than all the men.

[00:36:28] Because they're going from here because there's another choice yeah can I get back to something that I think you briefly mentioned earlier on one of the candidates for this ended up being broken and not by a quantum computer but by someone's laptop yes and from what I understand that wasn't an attack on the algorithm itself it was in a side channel attack based on a timing attack.

[00:36:57] And people often think that you know understanding the security of these algorithms is just about looking at the source code and evaluating that in the logic and the algorithm behind it but they're all the implementation issues can you tell us a bit about what you see as the potential other vulnerabilities side channel attacks etc in these new generation protocols.

[00:37:19] So side channel attacks have been a very known type of an attack in the crypto world and as you mentioned timing attacks are not so some as or you know a good way to act so these are all you know has been there for a long time and I believe that with all these post-quantum algorithms and the candidates I mean because you know we have so many NIST candidates which are being analyzed now.

[00:37:48] It is it's not just you know the the theoretical attack or you know attack by software hardware analysis is one very important or I would say selection analysis is a very important part of the attack of launching attacks so there are researchers who are actually looking into these algorithms and most of you know attacks that we have seen for all these algorithms.

[00:38:18] So it's not that quantum computers is with the normal you know I would use types and you know maybe you know the taking more intensive computation but you know it's so without one so the main challenge over here is that the good thing about the NIST competitions is that you know you have all these algorithms which are open.

[00:38:46] Everyone can view these algorithms and naturally the community is trying all possible ways to find bugs in this on that box I would say attack these things and if you look into the most candidates it's not just that I will then the implementations code is also provided which makes it more easy to for researchers to check whether that code is code has any sort of vulnerabilities.

[00:39:13] Of course whether this code is there are different types of attacks, whether there's this algorithm is corrupt so you know these attacks and I would say cryptanalysis is happening at different levels.

[00:39:26] And I think that's a that's a very good thing that we are you know everyone is trying to figure out that you know if you choose or help choose the best candidate.

[00:39:40] So when does these processes evaluation side channel attacks in the rigorous way that's a part of the process.

[00:39:50] Yes so the way this goes with the this competition is that since these algorithms are open and you know there are a lot of people looking into the algorithms.

[00:40:00] So these are the researchers themselves they you know they would look into algorithm and try to check whether these are secure and they could be analyzing this algorithms and they possibly would you know set up their findings as well.

[00:40:15] Paper or maybe as a you know ISR report or technical reports and these are all considered by NIST when they are evaluating the algorithms because I mean when the community the world's right community is looking at it and they are finding you know attack so it's like I think it's it's very collective effort that is being put in here.

[00:40:42] NIST essentially considers all these attacks as well as you know the comments that are being being a big product in you know to finally decide the candidate so if there is an attack.

[00:40:55] You know it's very we have seen a lot of further than not just in this standardization process been before.

[00:41:02] That these have come from community from the research community who have already been able to attack and then they have published the results are put the results up and these have helped NIST to make up for when it came to the further for standardization so yeah I mean it's actually I would say a very very collective effort that is being put up to how was the last given that's the case.

[00:41:27] How the one that got cracked on the laptop how did that slip through for so long.

[00:41:33] Yeah those those going to be my well question a little bit of the snorkeling question maybe like how do we know the right people are having their eyes on these algorithms because one of the things I think that's really special about BTQ is you have the quantum scientists and the cryptographers working together which is pretty rare.

[00:41:51] Yeah that's so what happened with SIKE if I understand the assumption that they had initially there was there was I think it was not well analyzed which actually was a bit for challenge.

[00:42:15] The Ben I mean that is where you know this whole process become is very transparent so you know if it was maybe done by one or two people maybe you know even this this attack which not have been possible so yeah I mean a lot of people looking at different things and and someone figures about now.

[00:42:39] We might see and this is very normal in the in the cryptography community that after many years you find something is not working properly so that has been instances so you know or we cannot just rule out that you know something looks okay at the moment might not be as.

[00:43:00] Might might not stand the test of time that you know that's why you know we are a little bit hesitant when we are saying that you know we will be just going directly to the PQC algorithms we are waiting and seeing that yeah and that was like perfect perfect.

[00:43:20] Because if I think security is a matter of course.

[00:43:24] All of these things you know that they probably make some people lose a lot of sleep.

[00:43:31] That's actually true I mean especially it does let people who actually lose their sleep because we know that there's you know that some people might lose sleep because they are scared that they might lose their money because the blockchain might work but there are some people who are.

[00:43:49] Losing sleep because they are really trying very hard to help and move to this make the world a better place and yeah I mean we will definitely help people on both sides of the spectrum.

[00:44:04] Is there a way to get better collaboration or education between experts in the field I mean obviously for us one of the reasons for this podcast right is because not a lot of quantum physicists have knowledge of the blockchain space or the cryptography space but we have to work together so how do we get more people getting their eyes on this yeah that's a very good question and I would say like you know there was a time that I would see quantum.

[00:44:31] Quantum physicists as adversaries that was kind of a feeling and no hard hard feelings for you know quantum physicists watching this out what's best.

[00:44:43] But yeah I mean that is a thing I thought that if the quantum computers come via a trisk and so on but even later but I have realized that this conversation has to be you know go hand in hand the reason is that as you correctly mentioned Peter that most of these attacks are even you know our.

[00:45:00] Normal attacks that are not even quantum attacks and then we define the security we are actually defining a classical notion of security for many of these algorithms.

[00:45:13] There is a need to understand what the quantum security would be like and it's very important that that point of time to understand what the quantum.

[00:45:24] Side of things would be like and that's where we need that conversation with quantum scientists to figure out when you say like secure and it's a quantum secure it's not just a classical security but it has to be like you know quantum security what sort of challenges will quantum bring.

[00:45:42] If you have the quantum random oracle how does it look like what is it what what can it do so it's very important that we have a very good understanding of the quantum side of things and there's lot of effort that is being protect now because most of the security that we are seeing as like you know classical notion of security in the post-quantum algorithms but yeah I mean we are getting there where we are trying to define the security and naturally we are trying to figure out how to.

[00:46:11] We don't mitigate the attacks with a classical notion with a quantum notion of.

[00:46:19] Motion as well.

[00:46:23] I think when it comes to finding quantum attacks.

[00:46:28] It's actually extremely difficult to provide generic answers to these things like finding Shor's algorithm well that was that was good luck that was very fortuitous and if we hadn't have found that there wouldn't be any other attacks against.

[00:46:44] I would say similarly there is a quantum attack against lattice-based crypto or hash-based crypto it's something that we'll either discover or we won't but it's not that it fits in a category of some sort of class of quantum attacks because they tend to be very uniquely tailored to the particular system that they're attacking so I think maybe the sort of the way in which quantum computing interacts with breaking things like this is very different.

[00:47:13] Classical attacks where we have a big list of standard cryptanalytic techniques that we use.

[00:47:20] Yeah that's very true so for example when we say that the signature is secure we say that you know we give so many instances are so many signatures and then you know.

[00:47:31] The attacker cannot generate a forged signature that's an unforgeability that we are trying to do but it's the quantum computer.

[00:47:41] There are that the quantum computers you know the state might be change after the experiment itself so.

[00:47:48] We don't know how to I don't know there would be people who are actually starting this to realize that what does it mean to have a quantum secure in the first place so yeah I mean that's very very interesting discussion that.

[00:48:00] That that is is happening at the moment and that needs more discussion so definitely it's a very I mean I'm no longer see the result of the result I see that we are friends and we have to you know we have to do.

[00:48:14] We have to do quantum we have to.

[00:48:18] We have to manage the quantum community because this quantum has so many lovely applications and that at the same time we need to have that interaction or discussion to figure out how to build that was quantum.

[00:48:33] But to algorithm somehow to make them secure.

[00:48:40] From the corporate side though that's you know you work with a lot of corporate clients right they want very straightforward answers so this is not very satisfying for them to hear.

[00:48:50] You know I was on a call with the bank and they said well how do you know this won't be broken right and I said well.

[00:48:56] The curve now is broken and you know no one's ever coming into there saying that hey we have this perfect algorithm that will stand up forever more right I mean that's the hope but.

[00:49:07] What are the actual practical steps that companies do to transition towards PQC we talked about hybrid we talked about getting involved in these processes but what can someone actually do today to start moving towards the PQC future.

[00:49:22] Yeah so this actually some guidelines that companies are being provided now to migrate and one of the first things is that you know discovery and.

[00:49:35] You know enabling what sort of crypto components they have either crypto software or maybe data and you know cataloging them trying to figure out what's what the potential threat would be like and then they go out you know.

[00:49:54] Okay first is for first discovery data discovery and then you would have you know try to see what's the algorithms have been there and what would be the risk of these algorithms.

[00:50:07] And also depending upon the risk appetite of the company they might essentially choose what to migrate at what point of time so there's actually you know a list of steps discovery and then the figuring out the risk.

[00:50:22] And having have an assessment based upon these like what would be the migrating strategies that are you know I would be migrating which applications should I be migrating first what sort of data should I be targeting at depending on how critical the details for the organization.

[00:50:42] And then some of the well known techniques that are already tested these have to be put in place for organization by the organizations to be able to move forward so yeah I mean security perfect security security or secrecy is a myth and you know we should be not even trying to do that but what we know that we haven't and then danger we start acting now.

[00:51:07] And then maybe the label post quantum secure needs to be elaborated upon with believed to be post quantum secure.

[00:51:16] People often assume that cryptography is proven to be secure one way or another yeah it's almost never the case.

[00:51:23] One final outlook question apart from quantum technology what do you see is the big impact technologies upcoming in the field of security they're going to have a big impact on the field.

[00:51:36] So I think you know there's a lot of chat around this with language models and you know AI and both are very strong collaboration or policy strong.

[00:51:47] A connection between security and all these are you know this AI and other ML techniques one of the questions is that whether these.

[00:52:00] The the the the large language models or the other AI tools how easy or quickly are threats be discovered is one big question that needs to be you know that's being going to explode.

[00:52:19] And at the same time the other question is that what is happening to this AI or you know the LLM kind of for you know algorithms.

[00:52:29] You do know that they are actually spreading out the right results how do we know that they are generating the parameters that they are supposed to so there's there's a lot of questions that are.

[00:52:42] That needs to be answered at that point of time because we don't understand how these algorithms work in general it's very a gray area so there's where to be done you know saying that yeah you know this is this is how what i'm getting what I'm what these algorithms are spreading out and so this is.

[00:53:05] This is the right thing that they are supposed to come with and there's a question of trust like what data they train from whether this data is is trustworthy data is my algorithm doing the thing that it should be doing again.

[00:53:22] Having the sense of verifiability of these computations these are very you know closely related discussions and I see I am seeing at least some conversation happening in that academic community based upon this.

[00:53:35] But I think there's there's more that these questions are will be very important especially when it comes to security and privacy of data how does it you know how does privacy how is privacy affected data confidentiality affected when it comes with this.

[00:53:51] With this you know AI and machine learning techniques so I think there's a lot we are going to see a lot of discussions coming with the intersection of AI and so at this.

[00:54:04] In this area center I'm really looking forward to see what happening in the next year or so.

[00:54:12] With Claude 3 being released this past week I saw quantum researcher actually asked the the Claude system to create and it was like creating you algorithm with the idea he had and it correctly.

[00:54:28] So I think we did the action steps that he did for his unpublished paper that he was going to publish fairly soon with that so.

[00:54:36] I'm sitting here wondering if tonight I'm going to be in Claude I just upgraded and being like let's talk about how we can hack one of the NIST PQC candidates like let's let's talk through with the LLM so I think.

[00:54:49] And then love to see if you can get some results I definitely really need to see.

[00:54:55] I'll try no expert on the cryptography side but I think it would be really interesting to see what it comes up with and whether I don't know people are claiming go to so creative whether it actually has some new insights and because.

[00:55:09] You know make the quantum field hasn't truly embraced.

[00:55:12] LLMs as much as I think other communities I agree it wouldn't be a really interesting time for that so maybe.

[00:55:19] It will be the the Claude's algorithm and the ChatGPT algorithms coming out pretty soon.

[00:55:27] So thank you so much for coming on right now we talked a lot about PQC not enough about blockchains so definitely would love to bring you back and talk more about the blockchain side of it in the.

[00:55:38] In the future as well but right now where can people stay updated with news and developments about what you're doing in your work.

[00:55:45] I did not get your question oh sorry where can we find you online do you have a website Twitter or we'll connect you to see what you're working on okay so connect with me on LinkedIn.

[00:55:59] And just type in with my name so Sushmita Ruj and find me on my UNSW website www.unSW.au.au.

[00:56:14] Okay so I forgot that but you know yeah that's maybe the best to find you at that yeah you can look at look me up on my university website that.

[00:56:27] Perfect.

[00:56:29] Perfect and if you're watching this on YouTube those links will be in the description below so much easier for you so thank you Peter for co-hosting with me Sushmita for coming on to this podcast I learned so much and for everyone for listening to these episodes always remember they even comment if you're on YouTube and you can find these episodes on Spotify Apple wherever you get your podcast and thank you so much.

[00:56:54] Thank you so much.