Security in the impending age of quantum computers

Quantum computing is poised to be one of the most important technologies of the 21st century. With global governments having collectively pledged more than $38 billion in public funds for quantum technologies and $2.1 billion of new private capital flowing to quantum companies in 2022, quantum technologies, particularly quantum computers, are rapidly moving from the lab to the commercial marketplace.

By leveraging the principles of quantum mechanics, quantum computers have the potential to perform certain computations exponentially faster than classical computers. From drug discovery and modeling chemical reactions to optimization problems and emissions reduction, quantum computers are poised to revolutionize various industries and accelerate global scientific progress.

In addition to these use cases, quantum computing is particularly important to the cybersecurity community. That’s because a future quantum computer of sufficient size and efficiency could crack current encryption schemes and jeopardize all information and communications currently protected by such schemes (public-key encryption enables more than 4.5 billion internet users to securely access 200 million websites and engage in $3 trillion of retail ecommerce each year).

On the opposite side of that coin, certain quantum technologies can strengthen existing encryption and power an estimated $30 billion quantum cybersecurity market by the end of the decade.

Quantum technologies are, therefore both a sword and a shield for cybersecurity. Thus, organizations and governments must invest in quantum offensively and defensively to adequately protect our data from the threat that quantum computers pose to current encryption schemes and take advantage of extremely strong cybersecurity solutions over the long term.

Quantum computing as a sword

Today’s public key cryptography that secures much of our communications and data relies upon math problems that are extraordinarily difficult for classical computers to solve. But a quantum computer running a dedicated algorithm (such as Shor’s algorithm) will likely be able to extract the encryption key and decrypt the underlying data in a reasonable time interval. Thus, any system using public-key encryption will be vulnerable to an attack by a quantum computer.

The timeline for developing a cryptographically relevant quantum computer is highly contested, with estimates often ranging between 5 and 15 years. Although the date when such a quantum computer exists remains in the future, this does not mean this is a problem for future CIOs and IT professionals. The threat is live today due to the threat of “harvest now, decrypt later” attacks, whereby an adversary stores encrypted communications and data gleaned through classical cyberattacks and waits until a cryptographically relevant quantum computer is available to decrypt the information. To further highlight this threat, the encrypted data could be decrypted long before a cryptographically relevant quantum computer is available if the data is secured via weak encryption keys.

While some data clearly loses its value in the short term, social security numbers, health and financial data, national security information, and intellectual property retain value for decades and the decryption of such data on a large scale could be catastrophic for governments and companies alike.

To address this threat, the National Institute of Standards and Technology (NIST) has been working since 2016 to identify and select a set of cryptographic algorithms that are theoretically resistant to attacks from quantum computers and classical computers. NIST released draft standards for the first three algorithms in August 2023 and is currently accepting comments until November 22, 2023, before finalizing the standards in 2024.

We have seen significant action from the Legislative and Executive branches of the US government to push the public sector to migrate to post-quantum cryptography (PQC) algorithms as soon as they are standardized.

In May of 2022, President Biden released a national security memorandum (“NSM-10”) outlining efforts to protect US government assets from the quantum threat. NSM-10 states that the goal for the US federal government is to move “the maximum number of systems off quantum-vulnerable cryptography within a decade of the publication of the initial set of standards.”

In December of 2022, President Biden signed the Quantum Computing Cybersecurity Preparedness Act requiring federal agencies to migrate information technology systems to post-quantum cryptography. This will be impactful for government agencies as well as companies that do business with the federal government, especially those providing IT services.

Both government actions seek to align the federal government to the NIST PQC algorithms with a goal of completing as much of the migration as possible by 2035.

This is an aggressive timeline. Historically, major cryptographic transitions can take years and even decades to complete. Starting the migration process now gives organizations the chance to put in place protections before cryptographically relevant quantum computers become available. The PQC migration is likely to be a long and resource-intensive exercise and will require “cryptographic agility” to shift IT systems to the final standards, provide flexibility among the algorithms, and protect data with minimal disruption.

Although NIST’s algorithms are not yet standardized and we likely remain years away from a cryptographically relevant quantum computer, the time is now to:

1) Begin inventorying cryptography systems that will be vulnerable to future quantum attacks
2) Develop “Quantum IQ” across your organization by exploring the benefits and risks that quantum technologies will pose for your business
3) Review the NIST post-quantum algorithms and create a strategy for cryptographic agility that will allow you to shift your systems to the final standards and protect your data with minimal disruption; and
4) Identify partners established in the quantum ecosystem who can guide you through the transition to quantum-resilient cybersecurity while protecting data from both classical and quantum cyberattacks.

At Quantum World Congress James Kushmerick, director of the Physical Measurement Laboratory at NIST, stated “the sooner we get this out, the better off we’ll be whenever a cryptographically relevant quantum computer is developed.” This will be a long process and government agencies and the private sector must begin the hard work of inventorying data and putting together a plan for PQC migration and cryptographic agility now to adequately prepare for the threat.

Cryptographic agility is particularly important given that one of the then-leading PQC candidates, Rainbow, was broken in 2022 by a laptop. While migrating to PQC algorithms is extremely important (and will likely be required for government agencies and their private sector contractors), these algorithms are still based on math problems and there is a chance that they may be cracked in the future, requiring new algorithms to be integrated. The ability to implement seamless updates will be important for organizations to maintain trust and ensure the integrity of cryptography, against threats both classical and quantum.

Additionally, cryptographic agility will provide organizations the freedom to assess and test quantum-leveraged cybersecurity solutions such as quantum-hardened keys and quantum key distribution (QKD) as part of an “all of the above” approach to cybersecurity in the quantum age.

Quantum computing as shield

As discussed above, PQC is a necessary start for cybersecurity in the quantum age. However, it is not a panacea to the threat posed by quantum computers.

Given the scale of the threat that future quantum computers are likely to pose to encryption, a defense in depth approach will be necessary. This layered approach will deploy PQC algorithms alongside tools that leverage quantum mechanics to offer stronger security guarantees. Such technologies include quantum computing-hardened and non-deterministic processes for encryption key generation and QKD.

Encryption keys are the basis of all cryptography and classical and PQC algorithms both rely on properly secured keys. One of the benefits of quantum is that it is fundamentally unpredictable and applying the power of quantum computers to harden encryption key generation can protect sensitive encrypted data and communications against current and emerging threats.

Furthermore, these provably unpredictable keys can maximize the resilience and lifetime value of existing critical technology infrastructures. Such quantum-computing-hardened keys are available today and offer a stronger alternative for key generation.

Rather than relying on math problems, QKD relies upon quantum mechanics to protect communications. With QKD it is possible to exchange a key and prove that it has not been intercepted by anyone as the attempt to measure the communication by a potential eavesdropper alters the quantum state. This guarantee will last forever, meaning that once a key is exchanged, it is safe, even if encryption algorithms are broken. Importantly, QKD protects against classical attacks such as man-in-the-middle attacks as well as attacks from a future cryptographically relevant quantum computer.

QKD is a complex technology that requires a significant amount of hardware and infrastructure to adequately generate the quantum states that make it valuable for the future of our cybersecurity. Researchers and industry are working to overcome these challenges and further commercialize and deploy QKD “in the field,” but its range and commercial implementation remains somewhat limited.

The National Security Agency (NSA) has issued guidance which did not recommend QKD technologies for securing the transmission of data in national security systems today. However, as the technology continues to advance, QKD has the potential to offer the next generation of cybersecurity and provide a uniquely quantum method for securing communications that will stand to greatly benefit military and civilian networks alike. When combined with PQC algorithms, these quantum-derived technologies can provide a layered approach to cybersecurity that further protects data and communications.

By considering how quantum-hardened encryption keys and QKD can fit into their quantum readiness strategy alongside PQC, organizations will be better prepared for that unknown day in the future when a cryptographically relevant quantum computer becomes available. These technologies are complementary rather than opposed to one another and are all critical pieces of the cybersecurity puzzle in the quantum age.