The Quantum Threat
What is the Quantum Threat?
The world's data is currently protected as it moves across the internet by public key encryption algorithms such as RSA, Elliptic Curve and ElGamal. These algorithms revolutionised information security and have served the world well, enabling digital commerce, secure communications and remote access to financial services. Unfortunately, just as the code breakers of World War 2 built early computers to defeat Enigma, so a new technological risk has emerged.
Quantum computers can break current public key encryption. These devices are commercially available, and code-breaking versions are close behind. Rapid progress in their development means that they are now a business risk, one requiring mitigation strategies today. Information that needs to be secure in 5 years or more needs to be protected now.
The risk of quantum code breaking is so pressing that the US National Institute of Standards and Technology (NIST) has launched a process to develop the next generation of cryptography. Post-Quantum is the last commercial business in the competition.
Countdown to Quantum
In 2014 the National Institute of Standards and Technology (NIST) suggested that a quantum computer capable of breaking 2000-bit RSA would be built by 2030. Since then, large tech companies including Google, IBM, Microsoft, and Intel have committed tens of millions of dollars to the race lead in the quantum space. Alongside this, venture capitalists have invested over a hundred million dollars in quantum computing start-ups. The private sector is showing confidence in the field.
Compounding this commercial activity, the National Security Agency (NSA) warned in 2015 that progress in quantum computing had reached a point that organisations should deploy encryption algorithms that are thought to withstand attacks from such machines.
We expect an organisation to announce quantum supremacy – the point at which a quantum computer’s capabilities exceed those of classical computers, predicted to be around 50 qubits – in the next few years.
These developments have implications for data encrypted today for security. Today, there is some comfort for businesses in knowing that sensitive data, if encrypted, is safe even if it is stolen. The prospect of code-breaking quantum computers changes this risk profile: encrypted data lost in a breach this year could be accessed in the future. We know that some data is cached today with precisely this in mind.
Sensitive or confidential business data may have a lifespan of 5, 10, even 20 years. Certain data remains of value to a competitor many years after its creation, whether it covers R&D in a pharmaceutical business, geological surveys in the energy industry, trading data in financial services, or budgeting, strategic plans, and personal information in professional services.
Similarly, the lifetime of certain equipment and devices (especially those part of the Industrial Internet of Things), as well as (autonomous) automobiles and logistics vehicles means that particular consideration of the quantum computing threat is needed. All communication with these, whether for gathering data or updating software remotely, must be protected from code-breaking quantum computers, since they will continue to be in operation years beyond even conservative estimates for quantum’s emergence.
We help organisations meet these challenges, with quantum-resistant encryption that can be deployed in today’s networks and commercial products, replacing or complementing existing systems.
Blockchain and Cryptocurrencies
Blockchain and cryptocurrencies are seen as revolutionary developments in secure data storage and finance. These technologies are built on public key encryption however. Quantum computers put these systems at risk. Post-Quantum is working on the next generation of quantum-safe cryptocurrency wallets and blockchains.