Cryptography in a Quantum Computing World: Will Our Data be Safe?

I recently had the pleasure and privilege of talking about quantum computing’s potential to disrupt cryptography and, as a result, the underpinnings of the security of digital communications over the internet and public telecommunications networks, and the digital signatures that we use to securely identify the parties involved in data exchanges. The first of these talks, entitled “Cryptography in a Quantum Computing World: Will Our Data be Safe?” took place in June at the Payments Canada Summit and featured Dr. Taher Elgamal, CTO, Salesforce, and Michele Mosca, founder, Institute for Quantum Computing. I reprised the topic later that month at the Techno Security & Digital Forensics Conference in Myrtle Beach, South Carolina.

The Cliffs Notes version of the talk is that, when it becomes viable and practical, the power of quantum computing to quickly perform complex calculations means RSA and other public key cryptography—the flavors of cryptography we all rely on to keep data safe—will be easily cracked. When that happens, and unless we change our public key cryptography mechanisms, no communications or transfers of data will be safe from adversarial interception, cryptocurrency wallets will no longer be safe, and digital signatures will be able to be easily forged. Private texts and emails, financial transactions, health data transfers, and confidential business communications that were once protected by forms of cryptography we now take for granted, may as well be sent in the clear. Any malicious group or nation state with access to quantum computing resources will be able to solve the algorithms and decrypt the data in a matter of moments.

 

$51 Trillion at Stake
That’s a frightening prospect. Here are some statistics from CardRates that make it an even more frightening prospect:

  • 5,000 credit card transactions occur every second in the U.S.
  • In 2019 there were 39.6 billion combined credit card transactions in the U.S.
  • Globally there were 368.92 billion credit card transactions in 2018, or roughly 1.01 billion credit card transactions occur every day.

That’s just credit cards. It doesn’t include all other electronic financial transactions which, in the United States alone is roughly $51 trillion per year according to the Automated Clearing House (ACH) Network. We could go down a rabbit hole of all the other types of secure communications that take place each day, but I think you get the point. There’s a lot at stake.

Coviant Software has an interest because encryption is the foundation of secure, managed file transfer (MFT) technology like our Diplomat MFT platform. Companies that have to send sensitive data to third parties for processing or as part of routine business transactions need to certain that, when they do, the information is kept confidential. Whether that is because they have to remain compliant with various state, federal, or international regulations, or as a means of keeping intellectual property secure, encryption is the what provides that assurance.

Don’t Panic… Yet
Now, before you panic, encryption’s doomsday clock is not (as far as we know) ticking away its final seconds before catastrophe strikes. Best guess estimates are that quantum computing is likely at least five years away from becoming viable. But with so much at stake, there are consequences to the eventual obviation of encryption at the hand of quantum computing that must be considered. Most obvious are the efforts by NIST and others to come up with quantum safe cryptography standards.  Drs. Elgamal and Mosca reminded us that change takes time, so it is imperative that we assess our current use of public key cryptography to identify our weak spots, and begin the process of updating to modern algorithms available today–and to quantum-safe cryptographic algorithms when they are ready.  To procrastinate is human, but the security of our data and currency requires that we do not put aside the work until the last minute.

As with everything in technology, innovation happens, progress is made, and adjustments take place accordingly. Awareness and planning are always part of the planning process. This is an issue of personal interest to me and my company, and so Coviant Software will not be caught short.

If this is a topic that is of interest to you, I am scheduled to present one more time at the U.S. Fintech Symposium in Orlando. If you plan to be there, I’d love to host you then; or you can reach out to me here at Coviant Software.