It’s time to get serious about the dangers of quantum computing. The traditional joke that quantum computing is a technology of the future and will always be so is no longer amusing. The engineering obstacles of constructing a quantum computer robust enough to deliver on its astounding theoretical promise remain enormous.
However, early prototypes are evolving quickly, and the future may arrive sooner than anticipated. Every data-rich organisation should start thinking about how to transition to a quantum world now that the US National Institute of Standards and Technology is set to announce post-quantum encryption guidelines next year.
Quantum computers, which take advantage of the strange behaviour of subatomic physics, operate differently than traditional computers, expanding the set of viable solutions to many problems. Some companies are already investigating hybrid approaches, such as combining the present capabilities of primitive quantum computers and their conventional siblings to improve port logistics, airline scheduling, supermarket deliveries, and television advertising programming.
“Quantum is real today,” argues Alan Baratz, CEO of D-Wave, a Canadian quantum firm.
However, the dangers of quantum computing may surface faster than its benefits. Security experts warn of the perils of Q-day, when a quantum computer may defeat the RSA cryptosystem, which internet corporations, banks, and governments widely use to protect data.
Earlier this month, the leaders of the “Five Eyes” spy agencies (the United States, the United Kingdom, Canada, Australia, and New Zealand) warned of the dangers of China’s initiatives in quantum computing, artificial intelligence, and synthetic biology. “If you’re on the cutting edge of technology, you might not be interested in geopolitics, but geopolitics is interested in you,” remarked Ken McCallum, director-general of the British intelligence agency MI5.
Security experts have been concerned about the world’s digital secrets since 1994, when mathematician Peter Shor devised an algorithm that could run on a not-yet-invented quantum computer to crack RSA. It could be a decade (or more) before we have a quantum computer stable enough to run Shor’s algorithm, but we never know when that day will come.
However, this is one of those rare technological sectors in which the answer anticipates the problem. Since 2016, the National Institute of Standards and Technology has been seeking and testing quantum-proof encryption. It will publish four approved standards next year, which will then be accepted by other organisations worldwide.
According to Elham Kashefi, chief scientist of the UK’s National Quantum Computing Centre, it would be “very worrisome” if any company that stores sensitive data was not already aware of the possibility of Q-day. “You should be very worried,” she said earlier this month at the Sifted Summit.
Kashefi expressed fear that adversaries could collect encrypted data now and decipher it later, once quantum computers were built. That might not matter if the old, compromised data included daily sales statistics from a grocery. However, if the data contained health records or sensitive personal information, the situation would be different.
Switching from one encryption regime to another will take years to implement across hundreds of businesses. As a result, cyber experts are recommending businesses start thinking about how to implement a NIST-approved encryption standard right away.
Some cyber security firms will benefit greatly from the transition to a quantum-proof society. That is the ambition of PQ Shield, an Oxford-based start-up that recently hosted an expert symposium to investigate whether NIST’s “beautiful” mathematical drafts might be implemented in the “nasty” hardware world. The good news, according to PQ Shield creator Ali El Kaafarani, is that they can.
“Does a perfect security solution exist? No. It never existed,” he says. “But my personal view is that these schemes are very secure and strong and very difficult to break on either a classical or a quantum computer.”