Modern public-key encryption is currently good enough to meet enterprise requirements, according to experts.
Most cyber attacks target different parts of the security stack these days – unwary users in particular. Yet this stalwart building block of present-day computing is about to be eroded by the advent of quantum computing within the next decade, according to experts.
“About 99 per cent of online encryption is vulnerable to quantum computers,” said Mark Jackson, scientific lead for Cambridge Quantum Computing, at the Inside Quantum Technology conference in Boston on Wednesday.
Quantum computers – those that use the principles of quantum entanglement and superposition to represent information, instead of electrical bits – are capable of performing certain types of calculation orders of magnitude more quickly than classical, electronic computers.
They’re more or less fringe technology in 2019, but their development has accelerated in recent years, and experts at the IQT conference say that a spike in deployment could occur as soon as 2024.
Lawrence Gasman, president of IQT, compared the current state of quantum computing development to that of fibre-optic networking in the 1980s – a technology with a lot of promise, but one still missing one or two key pieces.
“Optical amplifiers were what got optical networking going,” he said. “Without them, they’d really have never turned into what they are today.”
Pure research, the military, and the financial sector are the prime movers behind quantum computing in general and quantum security in particular, according to Gasman. The latter, in particular, has been an enthusiastic early adopter of the technology.
“If you look at the amount of money lost to credit card fraud, that’s a huge driver,” he noted.
A shift to either different types of classical encryption – some algorithms have proven to be resistant to quantum computing – or to quantum computing-based security is going to be necessary.
Quantum computing-based security technology is effective because it relies on two of the best-known properties of quantum physics – the idea that observing a particle changes its behaviour, and that paired or “entangled” particles share the same set of properties as the other.
What this means, in essence, is that both parties to a message can share an identical cipher key, thanks to quantum entanglement. In addition, should a third party attempt to eavesdrop on that sharing, it would break the symmetry of the entangled pairs, and it would be instantly apparent that something fishy was going on.
“If everything is working perfectly, everything should be in sync. But if something goes wrong, it means you’ll see a discrepancy,” said Jackson.
It’s like a soap bubble, according to Brian Lowy, vice president at ID Quantique SA, a Switzerland-based quantum computing vendor – mess with it and it pops.
“At some point, you’re going to have to factor [quantum computing],” he said, noting that, even now, bad actors could download encrypted information now, planning to crack its defences once quantum computing is equal to the task.
The precise day of the shift will vary by industry, according to Paul Lucier, vice president of sales and business development at quantum computing security vendor Isara.
Devices that have short usage life like smartphones aren’t in immediate danger, because quantum security technology ought to be sufficiently miniaturised by the time quantum code-breaking is powerful enough to undercut modern public-key encryption.
It’s verticals like the automotive industry and the infrastructure sector that have to worry, Lucier said. Anything with a long service life and anything that’s expensive to repair and replace is potentially vulnerable.
That’s not to say that it’s time to rip-and-replace immediately. Standards bodies are expected to approve quantum-safe encryption algorithms at around the same time experts are predicting that quantum-powered decryption threatens modern security, so a hybrid approach is possible.
But the threat is very real, so much so that the National Quantum Initiative Act became law in December of last year. The act calls for official advisory groups to be formed by the executive branch, and directs research funding for further exploration of quantum computing technology.
So be prepared, the experts at the IQT conference all agreed.
“We think by 2026, if you’re not ready with your systems prepared, you’re taking a giant risk,” said Lucier.