Quantum computing is based on the quantum mechanics principles of superposition and entanglement. Scientists say that quantum computing will cause seismic shifts in cryptography as we know it and will put all known split key (or asymmetric) cryptographic algorithms at risk.
2019 was a milestone year for quantum computing. Google’s announcement of achieving “quantum supremacy” sparkled the debate once more over the impact of quantum computing in cryptography. The truth is that the future of quantum computing is going to be a “quantum leap”.
The National Institute of Standards and Technology (NIST) is already researching methods to deal with the effects of quantum power, and for good reason: hackers may access quantum computers as they become commercial. Quantum computers can launch attacks that break asymmetric cryptography, rendering the entire PKI-based encryption method obsolete. As technology becomes capable of defeating a higher proportion of current and legacy security efforts, cybersecurity in 2020 will be defined by the need to stand out. Therefore, governments and organizations, such as NIST, are racing to become cryptographically quantum resilient.
National Initiatives in 2020
2020 will see an ongoing increase in state-sponsored efforts to establish hegemony in the quantum race. Let us not forget that Representative Will Hurd of Texas, chairman of the congressional subcommittee on information technology, said that “In the same way that atomic weaponry symbolized power throughout the Cold War, quantum capability is likely to define hegemony in today’s increasingly digital, interconnected global economy.”
The race for quantum information science (QIS) will continue. Considering the consequences in terms of cryptology, known as a “crypto-apocalypse”, no country may allow another state or a foreign company to be the first to develop quantum computing.
China will complete the $10 billion National Laboratory for Quantum Information Sciences in Hefei, Anhui province, for quantum research. This scientific initiative together with those of the recent past, such as the terrestrial quantum-communication link between Beijing and Shanghai and the Micius satellite, could secure China’s government communications against foreign observation – at least until post-quantum cryptanalysis becomes a functional reality.
The US government will continue its National Quantum Initiative Act to accelerate quantum research and development for the economic and national security, which is funded with $1.275 billion from 2019 to 2023. The US has a long history of investing in quantum science, but it’s lacked a comprehensive strategy for coordinating research efforts. The bipartisan quantum act aims at eliminating this lack of strategy by creating new research centers that bring together academics from different disciplines, such as computer science, physics, and engineering, to help conduct experiments and train future quantum researchers. It will also encourage large companies and startups to pool some of their knowledge and resources in joint research efforts with government institutes.
In Canada, Honeywell and the Canadian Space Agency will continue working on building a quantum cryptographic satellite to orbit the Earth by the end of 2022.
European nations are also investing substantially in a post-quantum world and making significant advances. The European Commission’s quantum-technologies flagship program will be a large-scale research initiative in the order of €1bn over a 10-year period. It is intended to focus on four main areas of quantum technology: communication, computation, simulation and sensing.
In the Netherlands, QuTech is working on a quantum mechanics system with the aim of creating a secure communications network between four different cities in the country by the end of 2020. Testing quantum theory will eventually lead to building a “quantum internet“, which will give rise to new kinds of coding, and allow for faster-than-light communication — possibilities that have powerful appeal for government agencies and the private sector alike.
Quantum communication will become an important technology for organizations that handle sensitive and highly-valuable information. As quantum technology advances, organizations will be forced to protect their information and communications against cryptographic attacks through quantum resistant communication technology.
At a moment when cyberattacks are carried out with increasing ease, improving the security of communications is crucial for guaranteeing the protection of sensitive information for states, private entities and individuals. The promise of quantum cryptanalysis is so alluring that some countries are already beginning to collect encrypted foreign communications with the expectation that they will be able to extract valuable secrets from that data in the future. When quantum cryptanalysis does become available, it will significantly affect international relations by making broadcast communications open to decryption. For countries that extensively rely on encryption to secure military operations, diplomatic correspondence or other sensitive data, this could be a watershed event.
Take a moment to imagine a global leak, an explosion of data unlike anything we’ve experienced to date, where the innermost secrets of virtually every government, corporation, and entity on the planet become publicly available. Then combine this with the collapse of all trust on the internet. What would result is an undeniable destabilization of cyberspace and geopolitical stability.
As quantum computers continue to improve, enterprises and the general public will become increasingly aware of the threat they pose to the cryptographic systems that underpin all digital security globally. We will see a greater focus on crypto agility, or the ability to update cryptographic algorithms, keys and certificates quickly in response to advances in cracking techniques and processing speed. To prepare for these inevitable cryptographic updates, more enterprises than ever before will explore automation as a critical component for ensuring future-proofed security.
Quantum computing is advancing rapidly, and its impact is likely to be large. Business and technology strategists should monitor progress on the evolution and potential implications of quantum computing starting now. Confidential data, over-the-air software updates, identity management systems, connected devices, and anything else with long-term security obligations must be made quantum safe before large quantum computers are finally developed. Quantum-resistant security was important yesterday.
In August, we announced collaborations with ISARA Corporation and ID Quantique to make quantum-safe crypto more widely available for data protection in the cloud, applications and networks. For more information, please visit Thales helps organizations combat the future security threats of quantum computing, In the meantime, watch this space and Thales’s role in it.