Quantum computing, once the subject of jokes about perpetual future technology, is no longer a laughing matter. While the engineering challenges involved in creating a robust quantum computer are still immense, recent advancements in early prototypes suggest that the future of quantum computing may arrive sooner than expected. As a result, organizations that handle large amounts of data need to start preparing for the quantum era. The US National Institute of Standards and Technology is scheduled to release post-quantum encryption standards next year, making it critical for data-rich entities to consider how to migrate to a quantum-safe environment.
Exploiting the peculiar behavior of subatomic particles, quantum computers operate differently from traditional computers and offer an expanded range of solutions to complex problems. Some companies have already begun exploring hybrid approaches that combine the capabilities of rudimentary quantum computers with conventional computing to optimize operations in various industries, including logistics, aviation, retail, and advertising. Alan Baratz, CEO of D-Wave, a quantum computing company, attests to the present reality of quantum computing.
However, alongside the possibilities of quantum computing, serious threats also loom. Security experts caution against “Q-day,” the hypothetical moment when a quantum computer can crack the widely used RSA cryptosystem. Tech companies, banks, and governments depend on RSA encryption to protect their data, making the threat of a quantum attack a pressing concern. The heads of the intelligence agencies of the “Five Eyes” nations—United States, United Kingdom, Canada, Australia, and New Zealand—recently issued warnings about the dangers posed by China’s activities in quantum computing, artificial intelligence, and synthetic biology. As Ken McCallum, director-general of MI5, aptly put it, “If you’re close to the cutting edge of tech, geopolitics is interested in you.”
The potential vulnerabilities associated with quantum computing have been a concern among security experts since 1994, when mathematician Peter Shor devised an algorithm capable of running on a quantum computer to break RSA encryption. Although it may take another decade or more until a stable quantum computer capable of running Shor’s algorithm is developed, uncertainty remains about when that day will come.
Thankfully, the field of post-quantum cryptography has anticipated this problem, offering a preemptive solution. Since 2016, the US National Institute of Standards and Technology has been actively gathering and evaluating quantum-proof encryption techniques. Next year, it will release four approved encryption standards that will set the tone for global adoption. Elham Kashefi, chief scientist at the UK’s National Quantum Computing Centre, stressed that organizations holding sensitive data need to be acutely aware of the threat posed by Q-day. In her own words, “You should be very worried.”
One particular concern is that adversaries today could amass data and decrypt it at a later time, once quantum computers have advanced. While this might not pose a significant issue for compromised data such as a supermarket’s sales records, it becomes a different story when sensitive personal information or health records are involved. Transitioning from one encryption protocol to another across thousands of organizations will undoubtedly take years to implement fully. As a result, cybersecurity experts are urging companies to proactively consider adopting encryption standards approved by the National Institute of Standards and Technology.
The shift towards a quantum-safe world will undoubtedly create lucrative opportunities for cybersecurity companies. PQ Shield, an Oxford-based startup, recently organized a conference of experts to explore the applicability of NIST’s mathematical encryption drafts in practical hardware scenarios. According to Ali El Kaafarani, the founder of PQ Shield, the news is positive. In his opinion, NIST-approved encryption schemes are exceptionally secure and challenging to break using either a classical or a quantum computer. While no security solution is perfect, these schemes offer robust protection.
In a conversation earlier this year with Peter Shor, the mathematician himself predicted that it could still be several decades before a quantum computer capable of running his algorithm emerges. Nevertheless, Shor humorously captured the essence of the quantum conundrum in a limerick:
“If the computers you build are quantum,
Spies of all factions will want ’em.
Our codes will all fail.
They’ll read all our email.
Till we’ve crypto that’s quantum and daunt ’em.”
As technology steadily advances, it is crucial to recognize the potential of quantum computing and the risks it poses to traditional cryptographic systems. The time has come to take quantum threats seriously and prepare for a future that may arrive sooner than we think.
FAQ:
What is quantum computing?
Quantum computing is a revolutionary field that leverages the principles of quantum mechanics to develop computers that operate differently from traditional computers. By exploiting the peculiar behavior of subatomic particles, quantum computers can potentially solve complex problems more efficiently than classical computers.
What are the dangers of quantum computing?
The main danger associated with quantum computing lies in its ability to crack current encryption methods, such as the widely used RSA cryptosystem. Once a powerful enough quantum computer is developed, it could render current cryptographic systems obsolete, jeopardizing the security of sensitive data held by individuals, organizations, and governments.
What is Q-day?
Q-day refers to the hypothetical moment when a quantum computer becomes capable of breaking widely used encryption schemes. It represents a significant threat to current cryptographic systems and requires organizations to prepare for the transition to quantum-proof encryption methods.
How can organizations protect themselves from quantum threats?
Organizations should start thinking about migrating to quantum-safe encryption standards approved by reputable bodies like the US National Institute of Standards and Technology. The transition may take years to implement fully, so early preparedness is crucial to maintaining data security in the quantum era.
Are there reliable quantum-proof encryption schemes available?
Although no security solution is perfect, the National Institute of Standards and Technology has been actively working on quantum-proof encryption standards since 2016. These schemes are designed to offer robust protection against potential attacks from both classical and quantum computers.