SE | Oct 16, 2021
Making existing software quantum safe: a case study on IBM Db2
Lei Zhang, Andriy Miranskyy, Walid Rjaibi et al.
The software engineering community is facing challenges from quantum computers (QCs). In the era of quantum computing, Shor's algorithm running on QCs can break asymmetric encryption algorithms that classical computers practically cannot. Though the exact date when QCs will become "dangerous" for practical problems is unknown, the consensus is that this future is near. Thus, the software engineering community needs to start making software ready for quantum attacks and ensure quantum safety proactively. We argue that the problem of evolving existing software to quantum-safe software is very similar to the Y2K bug. Thus, we leverage some best practices from the Y2K bug and propose our roadmap, called 7E, which gives developers a structured way to prepare for quantum attacks. It is intended to help developers start planning for the creation of new software and the evolution of cryptography in existing software. In this paper, we use a case study to validate the viability of 7E. Our software under study is the IBM Db2 database system. We upgrade the current cryptographic schemes to post-quantum cryptographic ones (using Kyber and Dilithium schemes) and report our findings and lessons learned. We show that the 7E roadmap effectively plans the evolution of existing software security features towards quantum safety, but it does require minor revisions. We incorporate our experience with IBM Db2 into the revised 7E roadmap. The U.S. Department of Commerce's National Institute of Standards and Technology is finalizing the post-quantum cryptographic standard. The software engineering community needs to start getting prepared for the quantum advantage era. We hope that our experiential study with IBM Db2 and the 7E roadmap will help the community prepare existing software for quantum attacks in a structured manner.
SE | Jul 24, 2019
Quantum Advantage and Y2K Bug: Comparison
Lei Zhang, Andriy Miranskyy, Walid Rjaibi
Quantum Computers (QCs), once they mature, will be able to solve some problems faster than Classic Computers. This phenomenon is called "quantum advantage" (or a stronger term "quantum supremacy"). Quantum advantage will help us to speed up computations in many areas, from artificial intelligence to medicine. However, QC power can also be leveraged to break modern cryptographic algorithms, which pervade modern software: use cases range from encryption of Internet traffic, to encryption of disks, to signing blockchain ledgers. While the exact date when QCs will evolve to reach quantum advantage is unknown, the consensus is that this future is near. Thus, in order to maintain crypto agility of the software, one needs to start preparing for the era of quantum advantage proactively. In this paper, we recap the effect of quantum advantage on the existing and new software systems, as well as the data that we currently store. We also highlight similarities and differences between the security challenges brought by QCs and the challenges that software engineers faced twenty years ago while fixing the widespread Y2K bug. Technically, the Y2K bug and the quantum advantage problems are different: the former was caused by timing-related problems, while the latter is caused by a cryptographic algorithm being non-quantum-resistant. However, conceptually, the problems are similar: we know what the root cause is, the fix (strategically) is straightforward, yet the implementation of the fix is challenging. To address the quantum advantage challenge, we create a seven-step roadmap, deemed 7E. It is inspired by the lessons learnt from the Y2K era amalgamated with modern knowledge. The roadmap gives developers a structured way to start preparing for the quantum advantage era, helping them to start planning for the creation of new software as well as the evolution of existing software.