The security threat of quantum computing is real, and it’s coming fast

security threat quantum computingThe threat quantum computers pose on encryption is weighing on the minds of some of the world’s most technologically advanced nations: In 2016 alone, the EU announced a $1.13B investment in the discipline, the UK pledged nearly $300M, Australia put in $25M and Canada devoted $50M. Why? These world powers acknowledge the swift progress being made towards quantum computing that threatens traditional encryption. They’re right to be investing now: Once that technology exists, everything stops.

The moment quantum computers succeed in cracking today’s most prevalent encryption techniques – like public and private keys – security breaches won’t be isolated incidents that only affect a few million people or vulnerabilities that result in a minor chink in security’s armor. If the technology’s path of innovation continues at its current pace, quantum computers will soon render today’s cryptography completely vulnerable.

Here’s how

Quantum computers pose a danger to how cryptography secures information on either side of a communication – whether that’s in a messenger app, a financial transaction, a flight plan or an intelligence directive. Traditional mathematics-based cryptography – known as public key cryptography – secures data using a set of public and private keys, a set of numbers used to facilitate communications. A public key is built with the expectation that it may be widely distributed, but private keys are engineered to be specific to a user. Private keys are calculated mathematically, with the parameters selected specifically so that calculating the private key from the public key is unfeasible.

There are so many possible results for calculating a private key that it is currently impractical for outside parties to attempt to solve the calculation. That’s also where the vulnerability to quantum computing lies.

What is vulnerable to quantum computing?

Quantum computers excel at processing numbers very quickly. They can operate exponentially faster than traditional computers. Researchers are making tremendous progress towards developing a computer that works quickly enough to make decrypting a private key a reality. Advancements in quantum computing are happening so rapidly that this capability could be only five or ten years away.

This isn’t simply a matter of upgrading your system and being safe again — traditional encryption will fail to be effective entirely. Payments will no longer be able to be processed securely, because there will be no way to authenticate if a transaction is being received by the chosen recipient or by criminals. Banks will no longer be protected, and nor will cryptocurrency. The power grid will be vulnerable to access from anywhere in the world. Planes won’t be able to fly without uncertainty because the messages air traffic controllers receive could be coming from anywhere. This isn’t a vulnerability that will only affect the intelligence community and cybersecurity experts – even social media platforms and messaging systems like WhatsApp rely on public key cryptography to authenticate users.

Why is this important now, when technology has not yet advanced to that point? Organizations, including governments, are currently collecting encrypted information. If the information will still be relevant when the technology does advance to the point where it can break encryption, that data is vulnerable. In the business sector, the collected information could include financial and personal information on customers, client data, banking records, intellectual property and trade secrets. In healthcare, it could be insurance information, medical history and risk profiles or even entire genomes. In government, the vulnerable information could be anything from private communications to confidential state intelligence.

The resulting picture is grim and explains why titans of industry and vanguards of government alike are scrambling to address the coming threat of quantum computing. The classic challenge of digital security is the range and scale of threats systems face every day. Teams are working with a limited amount of time and money, and the most immediate threats are often the ones that take priority. But making technology quantum-safe isn’t a quick fix that only takes an overnight upgrade. It requires a new approach to keeping information safe.

How to answer the security threat of quantum computing

Addressing this vulnerability will either require advancing traditional math-based cryptography to a point where it isn’t susceptible to quantum computing, finding a new approach that doesn’t rely on mathematics, or pursuing a combination of the two. The advantage of math-based cryptography and software-based security — known as quantum resistant algorithms — is that it is more agile, adaptable and able to fit the needs of many different applications easily. Conversely, this malleability makes it vulnerable to future attacks based on classical or quantum computing.

Alternatives to math-based methods include cryptography that draws from physics to maintain security. Think of a communication system as a tennis match. The information is written on a tennis ball and send from the emitter to the receiver. In a traditional cryptography system, an adversary could intercept the ball and read the information. Quantum cryptography is like a tennis match with soap bubbles. If someone tries to intercept one, it bursts and the communication is perturbed. It can’t be stolen, calculated from an algorithm or used again – the system remains safe. The advantage of physics-based cryptography is its power as a long-term solution to future-proof core networks and infrastructure, like the power grid. The downside is the costs and application constraints that make its field of application more limited.

If we are to avoid the grim future described above once quantum computers advance to a level where they can crack private keys — both math-based and quantum-based cryptography – will have a role to play. Businesses and governments must act now to secure information that will still be relevant in five or ten years when their technology is vulnerable to quantum computers. That means investing in quantum-safe communication infrastructure and not putting this off just because it isn’t a threat today. Ignoring quantum computing’s looming threat is like ignoring a tsunami warning because your roof has a leak. Addressing this problem now is the only way to ensure you have a house left at all when quantum computing reaches the shore.

Dr. Gregoire Ribordy is an an elected member of the European Commission Quantum Flagship Project.