After a long and successful career with Accenture in Silicon Valley, Michael Redding recently came out of retirement and moved to Ottawa to join Quantropi as its Chief Technology Officer. As a developer of end-to-end quantum cybersecurity solutions, Quantropi’s mission is to prevent hackers from using quantum computers to crack the public-key encryption in place today across national and global economies, defence systems, and public and private infrastructure.
Quantum computing harnesses the properties of quantum physics to perform calculations. Unlike conventional computers, which operate using bits, quantum computers use qubits. While bits can be on or off – represented by a one and a zero, respectively, in classical computing – qubits can also be in what’s called “superposition.” This means they’re both on and off at the same time, or somewhere on a spectrum between the two.
Ask a conventional computer to find its way out of a maze, and it will try every single branch in turn, ruling them all out individually until it finds the right one. A quantum computer, on the other hand, can go down every path of the maze at once. Qubits allow for uncertainty, and by stringing multiple qubits together quantum computers can solve problems that conventional computers would take millions of years to solve.
While quantum computers don’t yet have the power to overcome today’s public-key encryption, cybersecurity experts and organizations ranging from NATO to the White House to the U.S. federal government are acknowledging that these capabilities are inevitable. Indeed, hackers are already thought to be preparing for this milestone, known as “Y2Q,” by stockpiling identity-related data to decrypt using quantum tech. This nefarious practice is known as “steal now, crack later.”
Tech Talent Canada sat down with Redding to learn more about the threats and opportunities presented by quantum computing, and why they urged him out of retirement and onto a plane.
What can you tell us about your academic and career journey?
MR: I did my undergrad in Electrical Engineering and Computer Science at Princeton, and then went on to get a Master’s degree in Biomedical Engineering at Northwestern University in Chicago, where I did software development and design and simulation of prosthetic limbs. After my Master’s I joined Anderson Consulting, which ultimately became Accenture, and was put immediately into an advanced tech group.
My career at Accenture had three phases. The first had to do with large-scale systems integration, where I learned the fundamentals of the IT infrastructure that powers the world’s biggest companies and government agencies. Then I was part of a group of consultants and researchers that became Accenture Technology Labs. I ended up overseeing seven labs around the world, including a cybersecurity lab in Washington, D.C., and eventually another one in Tel Aviv.
My last role at Accenture was to co-found and lead Accenture Ventures, the company’s corporate venture arm. I built out a network across 50 countries that interfaced with local startup communities, and did 38 investments over five years before retiring.
I joined Accenture in an era when careers there had 30-year life cycles, so my wife and I had planned for that. What we hadn’t planned for was my introduction to Quantropi. I knew a little bit about the post-quantum space, I knew a lot about cybersecurity, and I saw that Quantropi was bringing the chocolate and the peanut butter together, so to speak. So I sold my house in Silicon Valley and moved to the Ottawa Valley in the dead of winter and in the middle of COVID. For the first two months I could see the Quantropi building, but I couldn’t go inside because of COVID lockdowns.
Why should Y2Q and quantum cybersecurity be on every CTO’s radar?
RL: Sometime in the next few years, somebody will have a quantum computer powerful enough to run Shor’s algorithm, which is particularly efficient for factoring the integers and prime numbers that today’s public-key cryptosystems use to generate cryptographic keys. These keys are secure against brute-force cyber-attacks because it would take millions of years for a classical computer to compute their prime factors.
By running Shor’s algorithm, however, sufficiently powerful quantum computers will be able to steal the key and unlock all the security.
What are the ramifications of failing to upgrade to quantum cybersecurity?
RL: Every byte of data that goes out the door before cybersecurity systems are upgraded is vulnerable forever. You can never unring the bell.
In 2021, it was estimated that 350,000 fully encrypted exchange servers were infiltrated and exfiltrated by a foreign power. The stolen data is just sitting in Cloud Storage, waiting for a quantum computer to unlock it all. Bad actors can sit on it till the day they get the big quantum computer, tear open the envelope, and get the key.
When do you think Y2Q will occur?
RL: The timeline keeps shrinking. In 2016, Professor Michele Mosca from the Institute for Quantum Computing at the University of Waterloo wrote that there was a one-in-seven chance that quantum attacks would break public-key cryptography by 2026, and a 50-percent chance that it would happen by 2031.
A February 2022 survey by Dimensional Research and Cambridge Quantum shows a much gloomier picture. Of the 614 security professionals surveyed, 61 percent think quantum attacks will defeat classical encryption methods within just 2 years.
On the one hand, this is because quantum tech is becoming better by the day. IBM, for example, managed to grow its quantum computers from 65 qubits in November 2020 to 127 qubits in November 2021, and plans to unveil a 1,121-qubit machine in 2023. Google and IBM both plan to build quantum machines with a million qubits by 2030.
At the same time, the bar for Y2Q keeps getting lower. Until quite recently, researchers believed that hackers would need as many as one billion qubits to break today’s public-key encryption. But in 2019, a pair of researchers from Google and the KTH Royal Institute of Technology of Sweden described a way to break 2048-bit RSA in eight hours with just 20 million qubits.
What steps should CTOs be taking today to mitigate the Y2Q threat?
RL: The good news is that the Internet Protocol supports crypto-agility and is architected to be upgradable. But you’ve got to have the right parts to swap in. To protect data, networks, and systems, these parts must provide the three prerequisites for cryptographic integrity: trust between any two parties via quantum-secure asymmetric encryption, uncertainty for rendering data uninterpretable to attackers, and entropy for delivering ultra-random key generation and distribution.
With this in mind, CTOs and their teams can start by benchmarking the performance of quantum-secure cryptography tech. Deutsche Telekom is already doing this with Quantropi’s QiSpace, which is the only software-as-a-service (SaaS) platform that checks all the “TrUE” boxes: Trust, Uncertainty, and Entropy.
QiSpace is also the only platform that does not require new and expensive hardware or infrastructure, has the crypto-agility to support a range of post-quantum cryptography (PQC) standards, leverages Quantropi’s novel Quantum Permutation Pad (QPP) algorithm, and is ready for implementation today.
Any enterprise that goes on to deploy Quantropi’s platform achieves not only immediate quantum-proof security, but also ultra-efficient client-side implementation. That’s because every secure action consumes less time and energy than its direct legacy equivalent, and less energy equals lower cost. In fact, with the advantage of gross savings on both energy and infrastructure, organizations will net a cost benefit over current installed technology, and these savings will only increase over time.
What attracted you to Quantropi?
RL: I believe in Quantropi’s vision of preserving truth and trust to ensure that the world is prepared for the imminent quantum future. With eight patents granted and many more pending, Quantropi is as much an IP company as it is a product company. As a tech guy I know what this means: its tech is poised to become the quantum security standard.
I didn’t un-retire, and move my family all the way to Ottawa, to try and solve a “someday” problem. I came here to help preserve truth and trust, and maybe even play a part in saving the $50 trillion global digital economy.