Cryptography, Cybersecurity, Privacy
Co-founder and CTO at Confidencial.io
2017-2021: SRI
2011-2016: HRL Laboratories
2006-2010: PhD@UC Irvine
Reasons 1 to 5 are technical m-ish predictions and 6 to 7 are more business and operational.
Won’t happen at scale in next 5 to 10 years. It will take 15 to 20 years.
Quantum Computers development will be slower than hyped (to be relevant to breaking cryptography, and a classical threat is more likely but not as hyped)
Most businesses don’t have a lot of data or info that needs to be secured for 30 years, governments have that but also mostly classified and governments are not the highest driver
There will be other short term solution by using AES and hash functions and MPC and distributed secure computation and communication
There will be unexpected (classical and quantum) improvements in attacks that will require increasing key sizes and will results in more overhead in PQC and also casting doubt in the mind of operational and practical people
The workforce to push such a migration will be short, we need more cryptographers and applied ones and security people that understand PQC better but producing them will be slower because the focus of the community is shifting to cryptocurrency and more short-term profits and gains
The new encryption algorithms are too complex and it will take a while to develop their software and tools to co figure and for developers and say admins to better understand them
There will be other areas of more critical investment like automation and other cybersecurity issues like identity and moving to cloud
Case Study: Comparison with IPv4 to IPv6 transition
Short-term solution: NAT
More immediate pain because you simply couldn’t have an IP address so nothing works in cyberspace for you. Simply ON/OFF so more palpable need, yet wasn’t as urgent
Government had deadlines for adoption but kept being pushed. Driven mostly by adoption outside US, Japan and parts of Europe were leading. I see Europe leading in PQC but not Japan (probably to lack of talent). Japan is behind in cybersecurity so won’t lead this time. Europe is focusing more on privacy and is behind in quantum industry. Europe is ahead in research but not entrepreneurial activity and it is this what will drive it.
It’s only when Google and MS pushed it in their systems and OS that IPv6 spread. Crypto is different. TLS may be upgraded quickly, but it is not that that is the problem.