Standing on the Horizon of One of the Greatest Advancements in Science: The Quantum Computer
Standing on the Horizon of One of the Greatest Advancements in Science: The Quantum Computer
Meet Hybrid Quantum Machine Learning (HQML) for Cybersecurity
And, so, we stand on the horizon of one of the greatest advancements in science and technology: the quantum computer. For the first time, we will be able to compute with light particles and move away from our traditional Von Neumann architecture. In a decade or so, perhaps, our silicon-based chips will feel like the vacuum tubes of the past — clunky, inefficient, and slow. And, the whole concept of pushing electrons down npn transistor junctions for computation may feel like we are racing on a skateboard against a Jumbo Jet at top speed.
The quantum computer, though, will disrupt virtually everything to do with trust and security but will bring great advancements in computation. While not every problem will be able to be processed by quantum computers, there are some which can be significantly enhanced. So, let’s look at the risks of the quantum computer, and outline how they can be used in cybersecurity analysis. For this, I will outline our new paper which advances the area.
The threats? … breaking the Internet
With the rise of quantum computers, we will see many risks and opportunities. On the risk side, we face an untrusted digital world, and where ALL of our existing public key encryption methods can be cracked by quantum computers. This includes RSA, ECC, and Discrete Logs, and for key exchange (ECDH), digital signatures (RSA, ECDSA, and EdDSA), and public key encryption (RSA and ElGamal).
Luckily, there are a number of Post Quantum Cryptography (PQC) standards that are being developed, and which will work alongside our existing public key methods — a hybrid approach, before the eventual switch-off of RSA and ECC. These include CRYSTALS-Kyber (for key exchange and public key encryption) and CRYSTALS-Dilithium, SPHINCS+, and Falcon (for digital signatures). Most of the proposed methods use lattice cryptography, and which has been shown to be robust against quantum attacks. If you want to learn more, try:
The opportunities? … a whole new world of processing
But, what about the opportunities? Well, quantum computers will bring a new way of process, and use Qbits to replace our binary digits. These approaches will allow us to develop new approaches to existing problems.
In cybersecurity, our forthcoming Ph.D. student (Madjid Tehrani) and collaborators from Capgemini (Eldar Sultanow and Anja Jeschke), McGill University (Malik Amir), George Washington University (Raymond Chow), and Edinburgh Napier University (myself and Mouad Lemoudden) have just outlined a new method of merging quantum computers and machine learning in order to solve a well-known cybersecurity problem [here]:
This implements hybrid machine learning methods on real quantum computers, with 100 data samples, and also with real-device-based simulations, with 5,000 data samples. It uses HQML algorithms applied to the detection of botnet-generated domain names. This includes the features of the character length of the domain, the entropy of the domain name, and the reputation of the domain name:
With domain name analysis we often use entropy measurements — and where we measure the variability of the letters used in the domain name. Along with this, n-Gram detection analyses 1, 2, 3 and more character sequences and match them to their relative probability and pronounceability. For example, “qq” is a highly improbable 2-Gram sequence, but “tr” is.
The advancements in the paper are a “stabilized quantum architecture that enables us to execute HQML algorithms on real quantum devices” and “the design of a new form of hybrid quantum binary classification algorithms that are based on Hoeffding decision tree algorithms”.
If you are interested, the Hoeffding tree was first defined in 1963 [2]:
and where recent work has considerably speeded-up the process:
The experiments used the Qiskit library with Aer quantum simulator, along with using three different real quantum devices (on the Microsoft Azure cloud): IonQ, Rigetti, and Quantinuum, and this is the first time that these tools have been combined.
Conclusions
We believe the paper is a great advancement in applying hybrid quantum machine learning to the field of cybersecurity analytics. So, don’t let your company stand blindfolded to the threats and opportunities of quantum computers — get ready!
References
[1] Madjid Tehrani, Eldar Sultanow, William J Buchanan, Malik Amir and Anja Jeschke, Raymond Chow and Mouad Lemoudden, Enabling Quantum Cybersecurity Analytics in Botnet Detection: Stable Architecture and Speed-up through Tree Algorithms, 2023, https://arxiv.org/abs/2306.13727.
[2] Hoeffding, W. (1994). Probability inequalities for sums of bounded random variables. The collected works of Wassily Hoeffding, 409–426.