Nicola Sfondrini – Digital and Cloud Strategy Partner at PWC.
Quantum computing has taken ideas from the background of theoretical physics and brought them into the real world. Where once it was a technology about which specialists pushed the techno-futuristic boundaries of speculation, quantum is becoming our predicted future, with consequences for everything from cyber security to drug design.
As quantum computers proliferate, they could complement—or perhaps replace—the existing digital infrastructure dedicated to modern security. The quantum horse is out of the gate and sprinting, and the technology’s ability to perform certain calculations in far less time than current systems can achieve will have ramifications for digital infrastructure around the world.
What in the world is quantum computing, then? Any classical computer operates on binary bits that exist in one of two states at any instant of time, a 0 or a 1. A quantum computer operates on pieces of information called quantum bits (or qubits) that use a counterintuitive property of called overlap to exist as 0 and 1 at the same time.
Another strange property of qubits called entanglement means that a qubit is connected to one or more partners in such a way that the qubit ends up being part of an interconnected whole. Putting a bunch of these qubits together allows a quantum computer to perform a set of calculations on the scale of what the human brain does.
Proof of this can be seen in another immediate practical expression of the potential of quantum computers. Google claimed it had actually achieved quantum supremacy in 2019 when it announced that its quantum processor, Sycamore, was able to complete a particular task in 200 seconds – about 10,000 years faster than the most powerful conventional supercomputer available on Earth . So quantum computing has the potential to disrupt the entire fabric of any sphere of human endeavor by enabling us to solve complex problems that cannot be solved today.
Threats to cyber security
Quantum computing provides new ways to efficiently perform certain types of mathematical calculations that undermine current cybersecurity protocols based on the difficulty of those mathematical problems. RSA and elliptic curve cryptography (ECC) are the preferred modern public-key cryptosystems that many protocols and websites on the public Internet use to protect user privacy. To encrypt messages using each protocol, we use the fact that a certain mathematical problem is considered difficult to solve directly.
Say we want to make it hard for Mallory to read our messages. For RSA, we generate a large prime number and then compute another number with a private math structure that relies on its cycle length. Using this number as a key, we share it publicly with the world. For ECC, we generate a pair of mathematically scrambled numbers that privately share a cycle length. This number is also then shared publicly with everyone.
A much faster, more pressing adversary is the “harvest now, decrypt later” approach where an attacker can harvest encrypted data now and decrypt it later once a quantum computer is available. This includes sensitive data that needs to be kept secret for decades – anything held by government agencies or companies that will want to keep it confidential for centuries.
Current and future responses
States and big businesses are preparing to take preventive action against the destabilizing effects of quantum computing on cyber security. In the US, the Quantum Computing Cybersecurity Preparedness Act and the National Security Memorandum have provided the legislative framework through which the potential threats associated with increased privacy encryption have been addressed.
The world’s leading authority on developing new and improved encryption standards, the US government’s National Institute of Standards and Technology (NIST), is creating state-of-the-art PQC to support data cryptography going forward. Tech companies like Apple and Google are actively creating and implementing new quantum-secure cryptographic protocols to protect their services against future quantum threats.
Challenges And Opportunities
It is more difficult to improve existing systems to be post-quantum secure. Many existing systems may not easily adapt to new cryptographic algorithms, or will require significant infrastructure overhauls. Cryptographic agility—the ability to modify security protocols in response to changing threats and technologies—will be paramount.
This is just one way for quantum computers to increase uncertainty. Quantum Key Distribution (QKD) is a method to distribute encryption keys in a very secure way that can detect if someone intercepts your channel and tries to read your message through quantum effects.
Recommendations for Organizations
Organizations must also prepare for the quantum future to ensure that quantum threats cannot breach their cyber security infrastructure. One of the first steps they should take is a risk assessment to identify the most vulnerable systems and data. Because the task will be massive, it is essential that they do it well.
The next step, and perhaps the most important step, is the transition to quantum-resistant encryption technologies. Now would be a good time to start identifying and deploying post-quantum cryptographic algorithms to replace or complement existing methods. This not only means embracing new technologies, but also having clear migration plans on how to move from classical to quantum systems.
Investment in human capital is also vital. Companies will need to train employees about the risks posed by quantum computers, as well as new types of security protocols and best practices. By the time the age of quantum attacks arrives, employees should be familiar with quantum computing, quantum-related security threats, and how to deal with them.
These steps can help organizations improve their preparedness and reduce uncertainty about the impacts that may result from the advent of quantum computing.
CONCLUSION
Organizations and governments alike will have to rise to the challenge and put in place measures that prevent data from falling victim to a quantum attack. The day of post-quantum security is upon us. Take steps to protect your information before it’s gone.
The Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology leaders. Do I qualify?
