Facing the security challenge of quantum computing [Q&A]
Now that we're beginning to overcome the obstacles to creating a commercially viable quantum computer, it's important to consider the security threat that these vastly more powerful machines will pose.
Not least of these is the threat to encryption which puts everyone's online security at risk. We spoke to Nils Gerhardt, chief technology officer and head of product for Utimaco, to explore what a post-quantum future may look like.
BN: What threat does quantum pose to existing cryptography?
NG: People have compared it to the emergence of nuclear weapons and are warning of a 'quantum apocalypse,' but I think we need to be realistic about the real extent of this risk.
It is indeed the case that if commercially available and relatively easy-to-use quantum computers appeared today, then it would be a disaster: potentially, quantum computers can break the encryption that secures vital data and infrastructure in minutes rather than trillions of years. This could mean that millions of systems we rely upon every day would be compromised and the data we need to know is true would be up for question as nearly anything could be edited and confidential data could become public.
I would prefer to think of it this way: what if we knew about a pandemic like COVID-19 decades in advance? We could use that head start to vaccinate the world, so that when it finally arrived there would be no negative consequences. That's the position we are in today: we know that if we do nothing the consequences will be disastrous, but we know exactly what needs to be done to prepare. Organizations like NIST have already identified quantum-resistant encryption, and companies like Utimaco have been integrating these algorithms into our hardware and software for many years, so many of the solutions we need are already available.
BN: How far are we from a post-quantum world?
NG: We truly don't know. The theory has been around since 1980, and basic quantum computers have existed for several years -- Google and NASA achieved what is known as quantum supremacy (being able to solve a specific problem that no conventional computer could) in 2019. This does not mean that we are within a few years of quantum computers being on desktops or breaking cryptography.
A key problem with quantum computers at present is their tendency to be inaccurate because of interference in the incredibly tiny, unstable ‘qubits’ that power them. Tiny fluctuations in temperature or electromagnetic interference can cause quantum bits to become corrupt, and the ways in which they can fail are much more complex than the relatively simple 'bit flips' in conventional computers, in which a zero becomes a one or vice versa and for which sophisticated error correction methods exist today. Being able to correct these errors would mean that quantum computers become much more usable and would reduce the need for them to be cooled to absolute zero.
While a few years ago the focus of quantum computer development was to build systems with an ever-larger number of qubits, today error-correction is the focus. The engineering challenges for this are significant, but in time they will be overcome. This could be as long as decades away or a single breakthrough could mean that usable quantum computers are available much sooner.
BN: What should organizations be doing now to prepare for a post-quantum world?
NG: The first piece of advice I could give would be to pay attention. Keep up with what is happening in the world of quantum computing as this will give you an idea of what is likely to happen next. News is always coming out about new developments, and these will guide you on what needs to happen now.
From there, it is important to understand how your company will fit into a post-quantum world. The first wave of quantum computers is likely to be used by state actors rather than criminal groups. This means that organizations that are likely to be targeted first in a conflict (even an undeclared, 'cold' war) need to pursue quantum resilience as a matter of urgency. These include companies that work directly with governments and militaries, but also utilities, energy and infrastructure companies. Of course, it is possible that quantum computers may be so effective that any company will need to look seriously at their security sooner rather than later.
A major part of this is looking at how long data and hardware will be active for. A company that makes smartphones, which last on average two to three years, likely won’t need to think about securing these devices against quantum threats, while an automotive company whose products are likely to be on the road for a decade or more should take seriously the idea that their vehicles will still be active when quantum computers are a potential threat.
BN: What effect is quantum likely to have on development and the software supply chain?
NG: We will start to see quantum security go from practically science-fiction to a practical necessity in a very short time. The use of quantum-resistant algorithms in new technology is going to become much more common, especially in equipment that may be in the field for a decade or more.
We will also see a move to incorporate quantum security into existing systems. There are plenty of legacy systems, particularly in industries like payments, that are in use today and still will be in use a decade or more from now. These will need to be upgraded soon, in order to stay safe in the future.
Lastly, we can expect quantum security to become a 'must-have' when companies are considering which other companies to work with. OEMs will need to make sure that they are using the latest quantum-resistant security or risk being left behind as their customers start taking quantum security seriously.
BN: We've talked a lot about risk, what are the benefits of quantum computing?
NG: Potentially huge. Quantum computers aren't just going to be faster than conventional computers, they will be able to 'think' in ways that are profoundly different from the traditional silicon systems. Because they can leverage probability rather than be stuck with simple binary states, quantum software can solve problems like the 'Traveling Salesman Problem' that confound conventional computers. This problem gives a group of cities and the distances between them and asks the computer to try to find the shortest route between each of the cities -- as more cities are added it gets far more complex, to the point where there are trillions of possible routes. A conventional computer could 'brute force' a solution by testing each route individually, but a quantum computer can theoretically solve this problem far quicker because of the unusual properties of quantum mechanics. This could be used for anything from planning delivery vehicle routes to global logistics chains or even creating new drugs much quicker.
To be more accurate, we really don't know much more about the potential of quantum computers than Charles Babbage and Ada Lovelace did when they carried out the first tentative work on what centuries later would become computers. In the early days they may be conventional computers, but faster, but over the long term we really don't know what may be possible. This is frightening, but also tremendously exciting and opens up new opportunities.