The world is on the cusp of a revolution in quantum technology. Investment in quantum R&D reached $1.7bn in 2021 – a 20 times increase from five years prior, and in 2022, US quantum startups raised $870m – double what they’d raised in 2020.
In March of 2023, the UK government launched its much-anticipated National Quantum Strategy with a landmark investment of £2.5bn, highlighting the important role that quantum technologies will hold for the UK’s future growth and global competitiveness.
But with the quantum opportunity comes a threat. A sufficiently large quantum computer running Shor’s algorithm will solve the integer-factorisation and discrete-logarithm problems on which RSA, Diffie-Hellman and elliptic-curve cryptography rest, and those public-key algorithms protect virtually all of the world’s sensitive information: every TLS handshake, VPN tunnel, software signature and certificate chain depends on them. Symmetric ciphers and hash functions are affected far less (Grover’s algorithm roughly halves the effective key length, so AES-256 and SHA-256 remain usable); it is the public-key layer that is rendered obsolete and must be replaced.
Governments are taking note and in 2022, the White House enacted the Quantum Computing Cybersecurity Preparedness Act to lay the groundwork for a transition to quantum-secure cryptography.
The quantum threat takes different forms
Important and sensitive data, even when encrypted, is constantly being stolen and stored by bad actors who hope to decipher it one day. This is known as a ‘harvest now, decrypt later’ attack: the attacker records the ciphertext together with the public-key handshake that negotiated its session key, and waits until that public-key step can be broken to recover first the key and then the data.
When powerful quantum computers arrive, any data whose keys were exchanged or wrapped with today’s public-key algorithms will be vulnerable to this kind of retrospective attack. According to the US National Academy of Sciences, an initial quantum computer prototype capable of breaking current encryption methods could be developed in the next decade.
For nation states, the intelligence value of reaching this threshold is almost impossible to quantify. NIST says that once this threshold has been crossed, ‘nothing can be done to protect the confidentiality of encrypted material that was previously stored by an adversary.’ That’s why data needs to be protected with quantum-resistant encryption today, even before these machines are a reality.
According to Booz Allen Hamilton, ‘the anticipated cracking of encryption by quantum computers must be treated as a current threat.’ Only late last year, top former US national security officials including the Deputy Director of National Intelligence, warned the world that the danger of these types of retrospective attacks was ‘immediate.’
There has been a lot of focus on new cryptographic schemes and algorithms to combat the quantum threat, but the methods by which these are securely implemented also need to be considered. The new schemes have their own secret-dependent operations, such as the rejection sampling in lattice-based signatures and the re-encryption check in a lattice KEM’s decapsulation, and the countermeasures developed for RSA and ECC do not carry over unchanged. The techniques for guarding against side-channel attacks (timing, power and fault analysis) therefore have to be significantly evolved, tested and validated before critical devices can be considered quantum-secure.
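The simplest instance of the timing problem, as an added illustration that is not from the article: a comparison that exits at the first mismatching byte leaks how much of a guess was correct, and an attacker who can measure the work recovers the secret one byte at a time. In a KEM decapsulation the comparison of the re-encrypted ciphertext against the received one is exactly this kind of check. The code below counts bytes inspected in place of wall-clock time; the secret value and the `recover_by_prefix` attacker are constructed for the example.

```python
"""Added example: a secret-dependent early exit as a timing side channel.

leaky_compare() stops at the first mismatching byte, so the amount of work
it does reveals how long a prefix of the guess matches the secret.
constant_time_compare() inspects every byte and folds the differences with
a bitwise OR, so its work is independent of where the mismatch is. Both
return (equal, bytes_inspected); the second value stands in for a timing
measurement so the leak is visible without a stopwatch.
"""
from typing import Callable, Optional, Tuple

Oracle = Callable[[bytes, bytes], Tuple[bool, int]]


def leaky_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """memcmp()-style comparison: returns as soon as a byte differs."""
    if len(secret) != len(guess):
        return False, 0
    inspected = 0
    for s, g in zip(secret, guess):
        inspected += 1
        if s != g:
            return False, inspected  # early exit: work depends on the secret
    return True, inspected


def constant_time_compare(secret: bytes, guess: bytes) -> Tuple[bool, int]:
    """Branch-free comparison: same work for every guess of the right length."""
    if len(secret) != len(guess):
        return False, 0
    diff = 0
    inspected = 0
    for s, g in zip(secret, guess):
        inspected += 1
        diff |= s ^ g  # accumulate differences; no secret-dependent branch
    return diff == 0, inspected


def recover_by_prefix(secret: bytes, oracle: Oracle) -> Optional[bytes]:
    """Recover `secret` byte by byte using only the work measurement.

    At each position the attacker tries all 256 candidates (remaining bytes
    zero-padded). With a leaky oracle exactly one candidate costs more work,
    because the comparison continued past it; with a constant-time oracle
    every candidate costs the same and the attack gives up (returns None).
    The attacker only calls oracle(); `secret` is passed through untouched.
    """
    n = len(secret)
    known = bytearray()
    for pos in range(n):
        work = {}
        for cand in range(256):
            trial = bytes(known) + bytes([cand]) + bytes(n - pos - 1)
            equal, cost = oracle(secret, trial)
            if equal:
                return trial  # the oracle confirmed the full value
            work[cand] = cost
        top = max(work.values())
        winners = [c for c, w in work.items() if w == top]
        if len(winners) != 1:
            return None  # all candidates cost the same: nothing leaked
        known.append(winners[0])
    return None


if __name__ == "__main__":
    SECRET = b"s3cr3t-token"  # constructed sample value, not a real key
    print("leaky oracle        :", recover_by_prefix(SECRET, leaky_compare))
    print("constant-time oracle:", recover_by_prefix(SECRET, constant_time_compare))
```

Against `leaky_compare` the attacker needs at most 256 queries per byte and recovers the whole value; against `constant_time_compare` the first position already yields 256 equally expensive candidates and the attack stops. Real implementations must also avoid secret-dependent memory access and keep the comparison free of compiler-introduced early exits, which is why such routines are reviewed and measured rather than assumed correct.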
Post-quantum cryptography (PQC)
The threat of such an attack is credible enough that the NSA and other government agencies across the world have warned that ‘we must act now’ to prepare for it.
In 2016, NIST initiated a process to define new, quantum-ready cryptographic standards to replace those vulnerable to quantum attack. In July 2022 it selected the first four algorithms to standardise: CRYSTALS-Kyber for key establishment, and CRYSTALS-Dilithium, Falcon and SPHINCS+ for digital signatures, with further candidates still under evaluation.
Because the future capabilities of quantum computers remain an open question, NIST has deliberately chosen algorithms built on different mathematical problems: three of the four are lattice-based, while SPHINCS+ relies only on the security of hash functions. Each approach has different characteristics in terms of key and signature size, speed, implementation complexity and design assurance, which make each suitable for different use cases; a signature that fits a server’s TLS certificate may be too large for a constrained device’s firmware update, so the choice should be made per system rather than once for the whole organisation.
Preparing for PQC
NIST is unequivocal that businesses should begin the transition to PQC now: ‘It is critical to begin planning for the replacement of hardware, software, and services that use public-key algorithms now so that the information is protected from future attacks.’
Of the data your company holds, work out what needs to be kept confidential, and for how long. If the time a secret must remain confidential plus the time it will take you to migrate exceeds the time until a cryptographically relevant quantum computer exists, that data is already exposed to harvest-now-decrypt-later collection. The answer will help you prioritise systems for upgrade, starting with the longest-lived secrets and the key exchanges that protect them. Depending on your sector, different operational systems and aspects of the supply chain will take priority. For example, healthcare businesses need to prioritise electronic medical records (EMR), patient monitoring and prescription issuing systems, while energy firms should focus on grid control, generation plant control, and energy discovery data collection systems.
CISOs should also establish a realistic timeline for their company’s path to migration, beginning with an inventory of where public-key cryptography is used (TLS, VPNs, code signing, PKI, HSMs and embedded devices), since many of those uses sit in third-party products with their own upgrade cycles. For many organisations, a straightforward first step will be hybrid cryptography: a FIPS 140-3-validated classical algorithm is run alongside one of the post-quantum candidates and the two shared secrets are combined into a single key. NIST has stated that such a hybrid remains FIPS-compliant as long as the approved algorithm is used correctly, and SP 800-56C Rev. 2 explicitly allows an additional shared secret to be concatenated with the approved one before key derivation, so an organisation gains the quantum-resistant assurance of PQC algorithms while keeping its solutions FIPS-certified.
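What that combination looks like in code, as an added example rather than anything from the article or from PQShield: both shared secrets, length-prefixed, form the input keying material of one HKDF-SHA256 call, and both ciphertexts plus a label are bound into its context, following the concatenate-then-KDF pattern of SP 800-56C Rev. 2 and the IETF TLS hybrid design. The label, field layout and the `hybrid_session_key` name are this example’s choices; the shared secrets and ciphertexts are constructed stand-ins for what an X25519 exchange and a Kyber-768 encapsulation would produce, and the KEMs themselves are not implemented here.

```python
"""Added example: deriving one session key from a classical and a post-quantum
shared secret (a hybrid KEM combiner).

The two shared secrets are concatenated and passed through a single KDF
(HKDF-SHA256 from RFC 5869), with both ciphertexts bound into the KDF
context. The session key stays secret as long as either input secret does:
an attacker who later breaks the classical half with a quantum computer
still lacks the post-quantum half. Label, layout and sample values are this
example's own; the KEMs are not implemented.
"""
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 step 1: PRK = HMAC-SHA256(salt, IKM)."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """RFC 5869 step 2: T(i) = HMAC-SHA256(PRK, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def _lv(field: bytes) -> bytes:
    """Length-prefixed encoding so adjacent fields cannot be re-split."""
    return len(field).to_bytes(2, "big") + field


def hybrid_session_key(ss_classical: bytes, ss_pq: bytes,
                       ct_classical: bytes, ct_pq: bytes,
                       label: bytes = b"example-hybrid-kem-v1",
                       length: int = 32) -> bytes:
    """Combine both shared secrets; bind both ciphertexts and a label."""
    if not ss_classical or not ss_pq:
        raise ValueError("both shared secrets are required")
    ikm = _lv(ss_classical) + _lv(ss_pq)           # classical || post-quantum
    context = _lv(label) + _lv(ct_classical) + _lv(ct_pq)
    prk = hkdf_extract(bytes(32), ikm)             # zero salt; context in expand
    return hkdf_expand(prk, context, length)


def hkdf_self_check() -> bool:
    """Check the HKDF helpers against RFC 5869 Appendix A, test case 1."""
    ikm = bytes.fromhex("0b" * 22)
    salt = bytes.fromhex("000102030405060708090a0b0c")
    info = bytes.fromhex("f0f1f2f3f4f5f6f7f8f9")
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf"
                             "34007208d5b887185865")


if __name__ == "__main__":
    # Constructed stand-ins for what the two KEMs would have produced.
    ss_x25519 = bytes(range(32))        # classical shared secret (32 bytes)
    ss_kyber = bytes(range(32, 64))     # post-quantum shared secret (32 bytes)
    ct_x25519 = b"\x01" * 32            # classical "ciphertext": ephemeral public key
    ct_kyber = b"\x02" * 1088           # sized like a Kyber-768 ciphertext
    key = hybrid_session_key(ss_x25519, ss_kyber, ct_x25519, ct_kyber)
    print("HKDF test vector ok :", hkdf_self_check())
    print("session key         :", key.hex())
    # Knowing only the classical half (post-quantum half guessed as zeros) fails.
    print("classical-only match:",
          hybrid_session_key(ss_x25519, bytes(32), ct_x25519, ct_kyber) == key)
```

Binding the ciphertexts into the context means a transcript in which either ciphertext was tampered with derives a different key, and the length prefixes remove any ambiguity about where one field ends. In a deployment the classical half would be the FIPS-approved exchange and the whole derivation would run inside the validated module.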
The fact of the matter is that quantum computers will soon become a reality. The threat will impact us all, so the best way to deal with this is through preparation today.
Ali El Kaafarani is CEO of post-quantum cryptography company, PQShield, and research fellow at the University of Oxford’s Mathematical Institute. He holds a PhD in cryptography from the University of Bath.