Filip Rezabek on Quantum Communications at SmallSat Europe

I'm Filip, one of the co-founders and CTO of SpaceComputer. And today I'll be talking about quantum communications. So it's a short overview of actually where we see the space heading with respect to quantum computing and how can we actually prepare for the aspects of post-quantum cryptography being the means of transition moving forward.

So I don't have to say it in this crowd because I believe many of you are heavily involved in space but definitely we see a lot of direction of shifting more compute to space, either from private, public institutions and it's definitely a global activity that we see happening moving forward. Space is becoming part of a critical infrastructure, a sovereignty layer depending on how you look at it, a defense domain but more importantly, this is also the aspect and the focus of this talk, it's becoming a cyber-physical attack surface. And we have to consider these activities moving forward to make sure that the security that we are working on becomes on par with the expectations and the weight we are putting onto this infrastructure as well.

So the more compute we will be having moving forward, we will need to make sure that we are also ensuring the protection of the keys, policy engines and also the execution in process because we are putting more weight and usage of this type of infrastructure. And this is covering the ground segment communications between earth and space. We also have to consider that we'll be running actually dedicated solutions on the satellites themselves that will be needing protecting for the keys, that will be proprietary software algorithms and many others.

And of course moving forward with more compute, we also have to take into consideration that it will be a mix of applications between earth and space. It will require the aspects of ensuring that they are protected as well. So looking from the user interaction, we know that the users for now are mainly on earth.

They are communicating via the ground station infrastructure, via space, via the ground stations sending information to space to the respective space infrastructure as well. So where does quantum compute for the application and algorithms? And especially for the scope of the talk, we are focusing on post-quantum cryptography that is relying on hard mathematical problems that are hard to solve for both quantum computer but also classical computers as well. So in that sense, we see that because it's a software solution mainly, the post-quantum cryptography as well is becoming more adopted and it's also serving as an easier replacement for both on earth infrastructure because you don't need to have a dedicated QKD distribution mechanisms and upgrading the hardware layer itself, you can do it in software.

And the same holds for space as well. And I'll be also mainly focusing for the scope of the talk on the aspects of PQC in general as well. With that, I already tried to outline that the migration to post-quantum cryptography is starting in software.

So we can already actually do a lot of activities now, especially I'm not sure for those that are following it actively. Post-quantum cryptography has been standardized over the last years by NIST. So we have dedicated schemes for key exchange mechanism, ML-KEM, and for signing mechanism, ML-DSA, that already can be used in public.

And we start to see this hybrid approach of relying on classical cryptography, symmetric cryptography, with PQC, post-quantum cryptography together. We also start to see a shift for post-quantum cryptography for certificates and signatures. And we also start to see that more and more industry adoption is happening on the aspect of having dedicated crypto policy for updates, readiness, and stuff moving forward.

And we also see that, especially for the aspect of the talk, remote attestation capabilities moving forward will also provide a workflow on how can we actually upgrade to post-quantum ready solution as well. And here the important part is that we want to preserve compatibility with current schemes while we are moving and transitioning to post-quantum cryptography. And as mentioned, everything is starting with software because it's easier, and eventually we see a lot of adoption and development also on the hardware side to be able to offload more compute to hardware, get the right speedups from hardware, but also, this will be something I will try to address, provide a possible security solution for the post-quantum cryptography as well.

So to summarize, the recommended model moving forward is to ensure cryptographic agility, which means that you can actually have an easy way on how can you upgrade your software and ensure that your solutions can cope with it in case there are any changes. Because the post-quantum cryptography standards we have now are understood, are hopefully well tested, but of course, with cryptography, always it's a matter of years of getting confidence that the solutions are valid. And in case there will be a possible new attack that will be breaking some of the hard problems that we currently know, for example, in the lattice-based cryptography, it's important to have this agility in mind that in case we need to upgrade our solutions to different type of algorithms and others, that we can move fast and be able to mitigate different type of threats.

And I think the important part as well is that we don't want to lower the security assumptions we have on our system, and this is the reason why we see more and more hybrid solutions. So we are not throwing away completely the classical cryptography we know from now, but are trying to find a good mixture of current security with adding... For cryptography libraries is one example where you need to upgrade the software, but of course, many other functionalities in software have to be protected as well. And this brings me to the second point.

We upgrade the software, but it also means that the private keys themselves that we are using on each part of the site actually also have to be protected. And this is the part that we are currently working on at SpaceComputer as well. We want to provide secure orbital execution as well.

And the technology we are using on that front are trusted execution environments. So the general idea of trusted execution environments and confidential computing is to provide an environment for data in use, so you can actually rely on the CPU instructions that are available to you to get a dedicated secure location for your code and data where it can be executed, and provides you confidentiality and integrity of your respective solutions running inside of this type of enclaves. And more importantly, you can not only have the confidence for yourself, but actually you can also show it to others by having attestation capabilities as well.

We recently published an article called Space Fabric where we are trying to provide an overview on how can we actually provide this type of solutions dedicated for space environments, because there are several unique features that I will try to unfold with respect to moving confidential computing to space as well. Trusted execution technology is something that is actually quite known on Earth, so it's not something that is novel in that aspect. But what is novel is the model we try to operate in, which is space.

If you look at current solutions on Earth, they usually rely on some form of hardware root of trust that is usually the manufacturer of the respective chip. Also by default, trusted execution environments tell you what is the code they are running, but it doesn't tell you anything about where the code itself is operating. So in case you assume certain aspects of properties of space, such as physical isolation, you of course need to have the option to bind the execution to also the environment you are operating in.

It doesn't also solve out of the box auditability and supply chain issues, and something that is also interesting for the scope of this talk as well is of course it doesn't always provide a clear post-quantum cryptography transition. And for that, we are looking into solutions that actually try to mitigate many of these problems by making sure that the private keys we are using are never generated on Earth, are only generated actually in space, on a spacecraft. We are relying on different type of secure elements on board of the spacecraft itself that either can be fully open source or are certified solution depending on what is the need of the particular solution, which aims to provide also supply chain protection.

And something that is novel to our work as well, we are offering so-called proof-of-execution triangulation, or proof-of-ET, that aims to provide you the confidence that actually the execution and the computation is really happening in space. We are trying to provide a layered approach to ensure that the private keys that themselves are actually running inside of this environment can be protected by making sure the host operating system itself is secure. We try to minimize the trusted compute base, which is very important to make sure that you have hardened type of information running inside of the TEE.

We are introducing the satellite execution assurance protocol that is the in-detail outline inside of the paper itself. And in general, for the sensitive compute, such as for example post-quantum cryptography operations, can be offloaded inside of this trusted execution environment because unlike for example HSMs or TPM that are very specific to particular execution and a particular firmware, here we have an option to provide general purpose programmability as well. And on that front, we are currently relying on several hardware components that actually already provide and have in mind transition to post-quantum cryptography as well.

And in that sense, we see that the trusted execution environments themselves can actually serve as an intermediate step for your crypto readiness with respect to the transition and crypto agility to provide a storage in a secure fashion for your post-quantum cryptography keys. And make sure that you also have the attestation flow that can convince others in this post-quantum crypto fashion as well. I talk about keys as one of the use cases, but I think there is also a potential for future directions that it's something that we'll be happy to explore as a follow-up discussion as well.

And this is something that we see that certain aspects of space industry are not scalable by design. Many aspects of the missions we see are usually operating in silos. There are purpose-based missions that are licensed and used by a single customer.

We also see that in case you want to actually launch something to space, there starts to be quite a scarcity on the launch provider side. And something that also is interesting to observe is that there are comparable missions trying to do something similar, but are operated by different parties as well. And in that sense, what we see as a possible opportunity as well is to consider using something like confidential computing to leverage the capabilities and unique properties of space, such as physical inaccessibility, the jurisdiction of neutrality, and also make sure we can bypass the terrestrial exposure depending on the location you are operating in.

So in that sense, we believe that in the shared infrastructure model, we can find a way on how we can decrease the cost by, for example, using solutions like confidential computing to decrease the trust assumptions we have on different peers sharing the same payload. You can also buy that in case you find a trust-minimized version to actually integrate an interoperable solution between different types of satellites as well. You can actually also increase the overall speeds and provide better security to the users.

So with that, we know that the economic answer to scaling space infrastructure is through shared orbital infrastructure. But of course, talking about security aspects at a different stage, we know that also the security problem is shared orbital infrastructure because you know that if you have to share infrastructure, you have to consider that you have the proper trust boundaries between the individual users of the system as well. And on that part, we definitely see a lot of interesting transition that can be accompanied by software and hardware solutions together to provide trust-minimized architecture that can actually provide this type of capabilities and unlock many new use cases as well.

So in summary, we can observe over the years that space is becoming strategic infrastructure for different type of use cases. It's covering the communication, the ground segment, and of course, the aspects happening in space, the computing space. But of course, the design phase already is happening way before with respect to identifying the right parties and handling the supply chain as well even before we send anything to space.

Post-quantum cryptography, as we currently observe it, it's a migration problem, so you have to make sure that actually you can accommodate for many of the aspects of this cryptographic agility that you will need moving forward. And the algorithm side is sound, it's there, just we have to make sure that the processes along the way to make sure we can actually upgrade and stay up-to-date with the latest development are also in place. We are looking into a possible solution that can provide some of the unique capabilities with respect to crypto agility and unique features with respect to multi-tenancy and others.

And we have actually a couple of missions in the pipeline to validate some of our approach as well. So in case you are interested to find out more about quantum communication, solutions and algorithms, happy to get in touch, get connected, and we'll be also around here with a colleague of mine as well. Thank you very much for your attention.

