Alan Duric
Despite the buzz around quantum computing, the technology today is still in its infancy; to put it into perspective, pioneering quantum computing providers such as IBM will only be able to hire out time on a quantum computer to enterprises in the next few years, and the concept of ubiquitous quantum computing is still at least 10 -15 years away even by the most optimistic of industry experts. So with the rise of quantum and its associated risk being still relatively ‘far off’, why does quantum pose a threat to the security of data in current systems and why should enterprises and governments be concerned about implementing post quantum resistance security technology today?
The promise of quantum
Quantum computing uses the properties of quantum physics to store data and perform complex operations. While today’s ‘classical’ computers currently encode information in binary “bits” that can either be 0s or 1s, a quantum computer uses quantum bits or qubits as its basic unit of memory. Due to a phenomenon called quantum speed-up, qubits enable complex calculations or operations that would take bits or classical computers years to solve, to be done in seconds or tenths of seconds.
The power of quantum computing therefore promises to unleash a whole host of new possibilities. In the field of chemical and biological engineering, quantum will speed up modelling processes such as DNA and RNA. It has the potential to open up new opportunities in artificial intelligence; through combinatoric processing of very large quantities of data, enabling for example better predictions and decisions to be made from facial recognition or fraud detection technology. And in financial services and investments, where millisecond speed advantages in obtaining price information can be fundamental, quantum algorithms stand to bring significant disruption and progression in this field.
The threat to current data security
Together with promising huge progression across industries through enabling laser-quick calculations and combinatoric data processing, quantum computing does however have a significantly worrying downside; it holds the power to ‘crack’ even the highest standard of data security encryption codes within seconds.
Cryptography is at the heart of our global internet economy from online banking to guarding intellectual property as well as secure and private communications between individuals and organisations. As the fundamental security setting for government and enterprise communications, it plays an important role in national security. Ultimately, unless measures are taken to secure current data security processes, quantum computing stands to effectively unveil a wealth of super-confidential data, including government state secrets and enterprises’ intellectual property by making this data accessible when the technology comes into force.
Why should governments act now?
Industry experts believe that it will take at least another decade before quantum computers with very large numbers of qubits – capable of decrypting data security – are available. We are therefore far from a cryptographic Armageddon but governments and enterprises still need to be aware of the threat that quantum poses to data secured by current security technology and take steps today to secure their sensitive data today so it stays safe for decades to come.
Governments are already increasingly worried about ransomware, and they should be. According to IDC’s 2021 Ransomware Study approximately 37% of global organisations said they were the victim of some form of ransomware attack in 2021. And the threat of ransom attacks is surging. A report by Verizon ransomware doubled in frequency in 2021 and accounted for 10% of all data breaches.
However, the emergence of quantum computing presents an even greater risk. Ransomware only holds data hostage – it adds another encryption layer so the attacker cannot see the actual data, which means hackers can demand ransom but not sell the data. With quantum computing, hackers will be able to actually decrypt, access and sell the data, making these attacks more profitable for hackers and extremely dangerous for governments.
Ransomware aside, governments also need to act to protect their confidential data from other nations. Only last month, a report by Tech consultancy, Booz Allen Hamilton, Chinese Threats in the Quantum Era, warned of the threat from China in stealing high-value data, in order to decrypt it once quantum computers are able to break classical encryption. The report suggested that by the end of the 2020s, Chinese threat groups will likely collect data that enables quantum simulators to discover new economically valuable materials, pharmaceuticals, and chemicals.
In summary, governments need to put technology in place that secures the data they store both for today and for threats of tomorrow. By moving to quantum-safe technology they can be assured that their data is protected for whenever quantum computing becomes available. But how do they go about that?
How to implement quantum-safe technology?
Many technology companies have been working on quantum-safe solutions for a number of years and are developing a number of diverse solutions; these include quantum key cryptography (QKC) or post-quantum algorithms (PQA), where the principles of quantum mechanics are used to encrypt data and transmit it in a way that cannot be hacked. In reality many of these providers will update their security levels in order to stay well ahead of the threat from quantum computing, thus removing the onus of upgrading to quantum-safe solutions from their customers. However, governments need to ensure that the communications channels that they use across their organisation are ‘enterprise-grade’ and that they provide both sufficient security and assurance. They also need to ensure that employees do not use consumer apps, which do not have adequate security for government communications and which stand to compromise the systems put in place.
Already today, some dedicated secure communications platforms will have technology in place that offers a more robust protection against the threat of quantum. Such architectures could be described as being “quantum-annoying” since they would take much longer for a quantum computer to decrypt than a platform with standard security encryption. One important protocol called Messaging Layer Security (MLS) is being developed by the MLS IETF working group (which includes the likes of Oxford University, Facebook, INRIA, Google, Twitter and Wire and looks set to provide an important basis for quantum resistant technology. MLS is the first protocol to allow end-to-end encryption for large groups and thus breaks with the paradigm of a server-centric architecture, prevalent in most collaboration tools today. The use of MLS in collaboration platforms therefore will mark an important milestone in protecting data against the threat embodied by the power of quantum computing.
To sum up, the advent of quantum computing looks set to bring about exciting innovations across industry sectors but governments need to prepare today to protect their confidential data for when the technology matures. They need to implement policies that ensure their staff are using only ‘enterprise-grade’ platforms and partner with the technology experts who can provide the platforms to protect their data and offer governments peace of mind that the advances in technology do not lead to unleashing confidential governmental data or infringe on national security.
Alan Duric is CTO, COO and co-founder at Wire.
Recent Comments