Michele Mosca is co-founder and deputy director of the Institute for Quantum Computing at the University of Waterloo, researcher and founding member of the Perimeter Institute for Theoretical Physics, and professor of mathematics in the department of Combinatorics & Optimization at the University of Waterloo. He has held a Tier 2 Canada Research Chair in Quantum Computation since January 2002, and has been a scholar for the Canadian Institute for Advanced Research since September 2003. [1] [2] Mosca's principal research interests concern the design of quantum algorithms, but he is also known for his early work on NMR quantum computation together with Jonathan A. Jones.
Mosca received a B.Math degree from the University of Waterloo in 1995. In 1996 he received a Commonwealth Scholarship to attend Wolfson College, Oxford University, where he received his M.Sc. degree in mathematics and foundations of computer science. On another scholarship (and while holding a fellowship), Mosca received his D.Phil degree on the topic of quantum computer algorithms, also at the University of Oxford. [1]
In the field of cryptography, Mosca's theorem addresses the question of how soon an organization needs to act in order to protect its data from the threat of quantum computers. A quantum computer, once developed, would have the capacity to break the types of cryptography that have been widely used throughout the world, such as RSA. Although this is a known risk, no one knows exactly when such a quantum computer will be built. Mosca's theorem provides a risk assessment framework [3] that can help organizations identify how quickly they need to start migrating to quantum-safe cryptography.
Mosca's theorem was first proposed in the paper "Cybersecurity in an era with quantum computers: will we be ready?" by Mosca. [4] The paper proposed that if X + Y > Z, then organizations need to worry about the impact of quantum computers on their data. In this formula, X is the amount of time a given piece of data needs to be secure (shelf life); Y is how long it will take your organization to implement post-quantum cryptographic solutions (migration time); and Z is how long it will be before a sufficiently strong quantum computer exists (threat timeline). [5] [6] [7]
While the value of Z is unknown, many national information technology organizations predict the year 2030 [8] or 2035. [9] Given the complexity of migrating to post-quantum cryptography, Mosca's theorem suggests that most organizations need to be transitioning soon, or are perhaps behind schedule.
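As an added illustration of applying the X + Y > Z test (not code from Mosca's paper or any standard body), the following evaluates a set of constructed data classes against the 2030 and 2035 threat years mentioned above. The data classes, their shelf lives and migration times, and the current year of 2025 are assumptions chosen for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class DataClass:
    name: str
    shelf_life_years: int   # X: how long the data must remain confidential
    migration_years: int    # Y: how long the migration to PQC takes for this system


def mosca_slack(x: int, y: int, z: int) -> int:
    """Years of slack under Mosca's theorem.

    Negative slack means X + Y > Z: the data will still need protection
    after a sufficiently strong quantum computer is assumed to exist.
    """
    return z - (x + y)


def assess(data_classes, threat_years, current_year):
    """Apply X + Y > Z to every data class for every assumed threat year.

    Returns {name: {threat_year: (at_risk, slack_years, latest_start_year)}}.
    latest_start_year is the last calendar year in which migration can begin
    and still finish before the data's shelf life overlaps the threat timeline.
    """
    report = {}
    for dc in data_classes:
        row = {}
        for threat_year in threat_years:
            z = threat_year - current_year            # Z expressed in years from now
            slack = mosca_slack(dc.shelf_life_years, dc.migration_years, z)
            latest_start = threat_year - dc.shelf_life_years - dc.migration_years
            row[threat_year] = (slack < 0, slack, latest_start)
        report[dc.name] = row
    return report


# Constructed sample portfolio (assumption, not from the page).
CURRENT_YEAR = 2025
THREAT_YEARS = (2030, 2035)   # the two estimates cited in the text
SAMPLE_DATA = (
    DataClass("session keys", shelf_life_years=1, migration_years=3),
    DataClass("signed contracts", shelf_life_years=10, migration_years=4),
    DataClass("medical records", shelf_life_years=25, migration_years=5),
)


def run_example():
    return assess(SAMPLE_DATA, THREAT_YEARS, CURRENT_YEAR)


if __name__ == "__main__":
    for name, row in run_example().items():
        for year, (at_risk, slack, latest) in row.items():
            status = "AT RISK" if at_risk else "ok"
            print(f"{name:16} Z={year}: {status:7} slack={slack:+d}y, start by {latest}")
```

A negative slack for a data class that has not yet begun migrating is the "behind schedule" case the text describes; the long-lived records are already past their latest start year under both estimates.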
Mosca's theorem helped justify the National Institute of Standards and Technology’s 2016 strategy to establish a handful of PQC algorithms with the international community. [10]