If you’ve followed us for very long you know we have a keen interest in quantum computing and, specifically, the development of encryption algorithms that can keep data safe in a post-quantum world. safe encryption. Encryption is foundational to the security of our products and to the security of the data our customers send, receive, host, and retrieve. We are committed to being ready to support a post-quantum encryption standard as soon as it is practical to do so.
We read a lot of trade and academic articles and papers on the issue of post-quantum encryption. I have even moderated panel discussions with noted experts on the topic. I believe that a viable quantum computer will be developed sooner rather than later and as developer of a secure managed file transfer platform, it’s our responsibility to track progress and keep current with developments that are important to our product and our customers’ security. And so, I was surprised to see the topic covered in the scientific journal Nature.
No Secrets in a Post-Quantum World
The article, entitled “Keeping secrets in a quantum world,” is a surprisingly accessible treatment of post-quantum cryptography that includes excellent descriptions of what cryptography is and how it works, what quantum computing is and how it works, and why a quantum computer will render current encryption schemes impractical for keeping systems and data safe.
Today’s encryption is based on complex mathematical problems that, without the right key, would theoretically take billions of years for current computer technology to solve. However, as the article explains, the way a workable quantum computer processes information is fundamentally different and exponentially faster.
“These hard-to-solve problems will suddenly become child’s play. RSA, an encryption scheme that allows systems to share keys, could take a classical computer most of the lifetime of the Universe to reverse-engineer. A quantum computer, researchers estimate, could do the same job in 8 hours.”
That kind of power means no data would be safe. Indeed, it is believed that state intelligence agencies are actively collecting encrypted data that they believe they will be able to decrypt once quantum computing is available to them.
Weaponized Quantum Computers
More troubling, the power of quantum computing that will one day offer numerous opportunities to improve our world, ranging from better weather forecasting, to solving traffic pattern problems, and boosting the already substantial capabilities of artificial intelligence will also be available as an attack platform used to attack digital infrastructure and to conduct cyber warfare.
It is important to remember that people often think of cryptography only in terms of securing encryption, but all aspects of digital identity management are based upon the same cryptography. That is why quantum computers pose a threat to user identification. It will become easy to impersonate another’s identity, whether it is the SSL Certificate that identifies a server, or the identifier for your digital wallet, or credentials that you supply to a server to authenticate yourself.
There’s Still Time
The good news is that, even with all the money, time, and smart people researching and developing quantum computing, the “near future” of a post-quantum world—while inevitable—is still many years away. In a panel discussion I moderated with Dr. Michele Mosca of the Institute for Quantum Computing, he stated that the likelihood of quantum computing becoming a real, usable threat to cryptography is at least a 50% likelihood in ten years. But once the challenges for achieving qubit stability are solved, it’s Katie bar the door! and things will progress quickly.
Given the slow pace of change in anything we humans do, this suggests that we really should be looking at safeguards now to prevent being at risk when viable quantum computing arrives. That is why the National Institutes for Standards and Technology (NIST) and other private, academic, and governmental organizations are looking into quantum-resistant cryptographic algorithms. Unfortunately, this is a complex problem and not many people really understand the complexities and mathematics sufficiently to address the problem. Many promising candidate algorithms have already been cracked, and so work must continue.
Until then, it’s important that the technology community keep abreast of developments in quantum computing’s progress, identify the areas where cryptography is used in products and organizations, establish a plan for quickly adopting and supporting strong post-quantum cryptography when it is available. Reacting at the advent of the post-quantum age will cost valuable time if preparations are not made in advance.