Guest Blog: Quantum safe cryptography – waiting to save the world

Future quantum computers will one day bring us many great benefits. Unfortunately they will also break many of the cryptographic protocols on which current Internet security depends. Google’s quantum supremacy breakthrough notwithstanding, this is still most likely many years off. However, sensitive data intercepted and stored today, or long lifecycle infrastructure could already be at risk. Businesses should review their cyber security exposure to understand how this changing environment affects them.

 

In the modern economy, we face many cyber security threats- from forgetful users to corrupt employees, from poorly patched systems to malicious malware. However, the threat posed by future quantum computers is of a different order of magnitude.

With a quantum computer of sufficient size, it will be possible to systematically break key elements of our underlying security infrastructure, including the digital signature and public key cryptographic protocols upon which the Internet and almost all corporate networks depend for basic security. Unaddressed, this threat would destroy the modern digital economy.

Therefore, the world needs quantum safe cryptography. Fortunately, many groups around the world are already working hard on solutions to this challenge. The new tools being developed include the new maths-based algorithms of PQC, supplemented by new physics-based approaches such as QRNG and QKD. Unfortunately, how businesses should respond is complicated by a number of factors.

 

A growing threat & uncertain time horizons

Google’s prototype quantum supremacy device is much too small and limited in its capabilities to pose a threat today. Experts routinely agree that the road to creating a large scale universal quantum computer remains a long one. When might a quantum computer large enough to mount an attack on existing security protocols be built? Estimated timescales vary wildly:

  • Some continue to doubt that such devices will ever be built [52], though this is now clearly a minority view in the community [1, 6, 39, 40, 53, 68].
  • A more general expert group assessment on behalf of the US NASEM concludes ‘not within the next decade’, implying 2029+ [53].
  • An expert group assessment for the German government has conclusions broadly in line with NASEM, though it points to current publically published data being inadequate for a robust extrapolation of a timeline [41].
  • One academic study (focussing on cryptocurrency security) indicates an earliest date of 2027+ [51].
  • The Global Risk Institute and evolutionQ have recently published a Quantum Threat Timeline report [68] based on a targeted survey of leading international experts. This flags a majority view of a small but non-negligible chance within 5 years (c.1-5%), but significant risk within 10 years (c.5-30%).
  • Most assessments include caveats on the potential impact of “a program where an industrialized nation pours a large part of its research and development activities into a single project comparable to the Apollo program and the Manhattan project” [4, 41, 68].
  • Some point to the possibility that advances in quantum error correction technology could change this timeline [59].
  • To further complicate the picture, the potential of analogue quantum simulators and specialist devices such as D-Wave or Fujitsu‘s annealing based processors is less well quantified and devices of this type retain the potential to further disrupt timelines [33].

Care must be taken in interpreting the dates above. Most experts would agree that the likely timescale for any such large scale quantum computers is probably much further off. Simple projections of ‘numbers of qubits’ are likely to mislead the lay-reader due to the different technologies being discussed and the continuing innovation going on around the whole quantum software stack. Google’s quantum supremacy announcement is actually slightly behind the schedule most of the above authors would have assumed. However, relatively early dates cannot be ignored in the context of prudent risk management.

 

Current threat

What greatly complicates the challenge that many companies face is that data that is intercepted and stored today will be vulnerable to decrypt when a sufficiently powerful quantum computer is built in the future. Boards must be aware that sensitive data with a long shelf life is already at risk.

Many businesses will also be planning investment in assets that they expect to have a long lifecycle. Ensuring these assets will remain safe from future threats is itself a challenge. This is further complicated by the scope of the other great technologies transforming our communication networks.

 

Post-Quantum Cryptography

Work to refine quantum-resistant maths based cryptographic algorithms is not new and has been gathering pace since around 2006. Starting in 2016, NIST has formalised a process with multi-national participation to evaluate and standardise PQC protocols with a focus on digital signatures and public key encryption.

Of 82 original submissions, 69 candidates were accepted for ‘round 1’ evaluation during 2018. Of these, 21 were broken or significantly attacked. 26 candidates were then selected for continued ‘round 2’ evaluation during 2019-20.

 

Quantum Cryptography

A complementary approach to communications security is provided by the physics-based techniques of quantum cryptography. These include QRNG for producing true random numbers (a potential benefit even in existing crypto systems) and QKD for secure key exchange immune to the computational threat posed by future quantum computers. Quantum cryptography can also offer some more subtle benefits, for example potential eavesdropping attacks can be detected in real-time allowing a quantum alarm function to be added to our cyber security armoury.

 

Gathering pace

Following early test networks in the US and Europe in 2003 and 2004, QKD has for years seemed to be on a slow burn in the West (mainly due to the practical limitations of early systems and the high cost of hardware and infrastructure). However, following the dramatic demonstration of QKD from space made by China’s Micius satellite in 2017, work on quantum networks has now accelerated around the world.

 

Read the full article here for more information and actions for businesses!

 

David Shaw is a Director at Fact Based Insight, which aims to help business and investors anticipate how new discoveries and new thinking in selected high impact areas will change the way the world works.

 

 

If you would like to find out more about techUK's #QuantumFuture week, jump to our landing page now or get in touch with Tom.Henderson@techUK.org or Sue.Daley@techUK.org today!

  • Tom Henderson

    Tom Henderson

    Programme Manager | Smart Cities and IoT
    T 020 7331 2043
  • Sue Daley

    Sue Daley

    Associate Director | Technology & Innovation
    T 020 7331 2055

Share this

FROM SOCIAL MEDIA

The timings you need to make the most of tomorrow's Innovation Den: @JdR_Tech at 10:00 @RaytheonIntel at 10:10… https://t.co/n9plfB1xCM
Last week @techUK was delighted to host @CSBCook and @MillsMills76 from @scotgov Digital Team for a roundtable disc… https://t.co/3jtnusK8cC
Sustainability #post-COVID As the planet took a break from human activity over the last few months, what are the le… https://t.co/JGBnaHWvMv
We're looking forward to our #cyberinnovation den, taking place tomorrow. A big thank you to our sponsors @UKCloudXhttps://t.co/dVbEUzk5xZ
.@DedalusUK In the latest guest blog for techUK, Sara Mintrone, Head of Product Management at Dedalus, highlights h… https://t.co/wdoZkignw3
.@DrJonathanBloor @System_C @GraphnetHealth analyses the organisational changes that have made the #NHS embrace inn… https://t.co/R7CSeTQQlh
Our CEO Julian David, @techUKCEO adds "The pandemic has shown the power of technology in keeping us connected with… https://t.co/lz1NAcc3kh
#HealthtechUK week continues as we seek to answer - what is the role of technology in preparing for future public h… https://t.co/ccGDXQKaTJ
Become a Member
×

Become a techUK Member

By becoming a techUK member we will help you grow through:

Click here to learn more...