A few weeks ago, the National Academies of Sciences, Engineering and Medicine published a new report exploring the progress and prospects – or lack of – around quantum computing. Highlighting several technical and financial problems that need to be overcome before a functional quantum computer can be built, the report states it’s too early to even predict a timeline for the development of the technology.
While this may come as a surprise to some people, the progress and growth of these technologies has fluctuated so dramatically over the years that some experts believe we may never see a large-scale implementation.
However, despite still having a way to go, the prospect of a sudden breakthrough should not be overlooked. Ample preparation and understanding are key to the successful adoption of this latest scientific opportunity. In fact, the only way for organisations to be first out of the gate is if investment in post-quantum is made in 2019.
New technologies = new risks
The arrival of large-scale quantum computing promises huge advances in multiple fields, with certain problems becoming much easier to solve and the chance to find new ways of innovating. For instance, NASA is looking at using quantum computing not only to analyse the enormous amount of data it collects about the universe, but to research safer methods of space travel.
However, with new technologies comes new threats. Chief among these is the danger quantum computers pose to IT security. Our information systems are only secure because modern computers cannot solve certain mathematical problems. Once quantum computers arrive, the game will change and some existing defences will become worthless.
Unlike their classical counterparts, quantum computers will be able to solve these mathematical problems incredibly quickly. The algorithms we use today for digital signatures and key exchange will no longer be strong enough to keep data secret once a sufficiently powerful quantum computer is built. This means core cryptographic technologies we rely on, such as RSA and elliptic curve cryptography, will become insecure. These asymmetric algorithms underpin the majority of our security systems today, including everything from web browsing to financial transactions.
Use your time wisely
No-one really knows when a sufficiently powerful quantum computer will exist, so before this moment arrives, all security systems will need to be updated to use algorithms that are strong enough to withstand attacks from both classical and quantum computers.
The security community is still deciding which algorithms should be used in a post-quantum world. Until the selection is made, companies should focus on being crypto agile. This means designing (or re-architecting) products so they can easily switch between algorithms. This will also ensure systems are ready to make the switch to safe technologies as soon as they are chosen.
I’m optimistic about the future of post-quantum cryptography and organisations should be too, using the time they have to perfect their approach and futureproof their technology. I’ll be writing more on the topic of quantum next year, so keep an eye out for further posts with advice on best practice for security, in the realm of next-generation computing.