David Williams CEO and Founder of Arqit argues that organisations need to start thinking seriously about how they will mitigate quantum cyber attacks
The word ‘revolutionary’ is thrown around a lot in the IT world, sometimes relating to fairly minor, incremental improvements, sometimes to impressive leaps such as the hundredfold speed increase of 5G compared to 4G. But any previous concept of an IT revolution pales in comparison to the potential of quantum computing.
The rapidly evolving technology promises to deliver calculation speeds that are hundreds of millions of times faster than the best super computers using traditional methods – solving in seconds equations that would normally take thousands of years. This power has a limitless number of beneficial applications, from supercharging pharmaceutical research and development to pinpoint accurate weather forecasting.
As with all technological advances, in the wrong hands quantum computing also represents a serious threat. The incredible power of a quantum computer could crack even the most secure encryption like an egg, including methods like public key infrastructure (PKI) which are relied on for a wide variety of critical activities.
So how close is the quantum future, and should businesses already be preparing for the potential quantum cyber threat?
Computers as we know them work on bits that take on the value of either 1 or 0, leading to four possible combinations: 00, 01, 10, or 11. This fundamentally limits what can be achieved, no matter how powerful hardware gets.
Quantum computing is exponentially more powerful because it tears up this rulebook and goes beyond 1s and 0s. Instead of bits, the process uses quantum bits (qubits) which have the ability to exist as both 1 and 0 simultaneously thanks to a unique quirk of quantum mechanics.
We could talk about how exactly this works all day, but the result is a machine that makes the world’s best supercomputers look like pocket calculators.
One of the most striking examples is Google’s Sycamore, a quantum computer which completed a calculation so complex it is believed it would take IBM’s Summit, the most powerful supercomputer in the world, 10,000 years to solve.
Further, this breakthrough occurred two years ago, and the quantum computing field is moving incredibly quickly. The challenge here is that qubits are very hard to create and maintain as they require manipulating subatomic particles at extremely low temperatures.
Leaders in the field such as Google and IBM are swiftly increasing the number of qubits that can be created and sustained, and there are many innovative start-ups making rapid progress in the field.
It is believed RSA-2048, one of the most widely used forms of PKI encryption, could be cracked with as few as 2,000 logical qubits. At the rate the technology is developing, we anticipate this level of quantum computing being feasible within the decade, and perhaps in as little as five years.
As we have seen time and time again, it never takes long for criminals to take advantage of new technology. The expense and resources required to create a quantum computer means they will be limited to high-level nation state actors at first, with finance, government and critical national infrastructure being the most at risk. But it is likely that the technology will then trickle down to other threat actors as it becomes more accessible.
So, how can organisations stay secure when quantum computers will render their best defences trivial?
Unstoppable force meets immovable object
A quantum-powered attack demands a quantum-powered defence. In the same way that we study a pathogen to create its antidote, transformational quantum encryption techniques can be used to create keys that are safe from quantum attack using a completely new class of crypto system.
The solution comes in two phases:
This revolutionary tech takes “root source” quantum keys that are stored in data centres and uses them as an ingredient in a novel process whereby two or more end point devices create symmetric encryption keys locally. This process is both zero trust and computationally secure.
Today, the root source keys are created with quantum random number generators and sent to data centres globally using terrestrial digital methods. This is secure enough to allow the end point software to do its job in a very secure way.
However, the next two years will see the launch of quantum satellites using a new protocol which solves all of the known problems of Satellite QKD. Those satellites will then take over the task of distributing the root source keys into data centres, and at that point the entire network end to end becomes fully quantum safe – in plenty of time before quantum computers are big enough to break RSA.
This approach is also hugely beneficial even before quantum attacks become a reality, as it delivers stronger, simpler encryption that defends against key threats such as ransomware. It also solves all of the issues legacy encryption techniques, such as the need to transport high-end cryptographic keys manually. The process is also scalable for any use case, including IoT sensors, blockchains, regional networks and mobile devices.
While the quantum future may seem like a distant prospect, it will be here sooner than many realise. Government organisations such as NIST are already warning that firms should now be creating plans for replacing any hardware, software and services that rely on PKI. If they do this then then they won’t be caught out when quantum becomes a reality.
David Williams is CEO and Founder of Arqit
Main image courtesy of iStockPhoto.com