Don’t panic, but it's time get moving says Duncan Jones, head of quantum cyber security at Cambridge Quantum Computing
Quantum computers will be game changing in areas such as machine learning, but organisations really need to start looking into how to protect themselves against the threat to encryption, says Duncan Jones, head of quantum cyber security at the firm Cambridge Quantum Computing.
This interview was conducted before the announcement that Cambridge Quantum Computing is to be acquired by Honeywell.
As everyone and their security-conscious dog knows by now, when quantum computers arrive it's game over for the internet as we know it. Ecommerce, online banking, private communications and many other online activities we all take for granted will no longer be anything like secure. To bring the classic 1993 New Yorker cartoon bang up to date, on the post-quantum internet, everyone will know you're a dog, security-conscious or not. And a lot more beside.
Data stores, private messages, historic archives and records - anything that was once protected with RSA or ECC algorithms will be naked for all to see as these fortifications crumble before the massively parallelising might of quantum computers, which can essentially try all potential keys at once.
Everyone should know this, but there's a remarkable lack of urgency, given that a commercial quantum computer capable of such feats is likely just a few years away, and, as a worst-case scenario, a secret government one could arrive before that.
In 2013 Professor Michele Mosca of the University of Waterloo in Canada and someone who has been alert to this problem for a long time, came up with a simple formula to illustrate the issue:
If x + y > z then it's time to worry.
Here x is the estimated safe lifetime of current cryptographic keys, y is the time required to replace existing infrastructure with quantum-safe alternatives, and z is how long we have left before a large-scale computer running something like Shor's encryption-cracking algorithm becomes available.
The trouble is, z is out of our hands (but years left to act may be countable on one hand) and y is difficult to quantify without a thorough investigation. How many organisations know which public key encryption algorithms are protecting the software they are using, for example?
The US Institute of Standards and Technology (NIST) lists a few of the places where public key cryptography (the main current implementations of which are vulnerable to quantum computing) are found: operating systems, applications, communications protocols, key infrastructures and access control mechanisms, with uses including digital signatures, identity authentication processes used to establish an authenticated communication session, key transport of symmetric keys (not vulnerable to quantum computing per se, but much less convenient to use safely) and privilege authorisation processes.
This list is long and broad, and it's doubtful that most organisations will have much idea about all the places where vulnerable cryptosystems are present in their IT stack, but it's time they start finding out, says, Duncan Jones, head of quantum cyber security at the firm Cambridge Quantum Computing.
"We work very closely with quantum computing vendors like IBM and Honeywell and there's certainly no danger that they're going to miss their targets [for creating a commercial general quantum computer]. If anything, it feels like things are accelerating," he said.
While there's no need to panic just yet, the window to audit what you have and looking at options to replace vulnerable systems is closing, said Jones.
"The switchout is not a completely trivial, its not going to be an overnight project to do it," he explained. "I have no real concerns that people will be successful in the long term, but early experimentation is going to be necessary."
Initial steps will depend on the organisation and how close it is to its systems. Organisations that develop their own software should start experimenting with the seven NIST Post-Quantum Cryptography Standardisation algorithm finalists and building proofs of concept, combining post-quantum with classical algorithms so as to make the switchover less jarring when the time comes. While each post-quantum algorithm has use-case related strengths and weaknesses, all the finalists have been thoroughly tested and all are based on mathematical principles that go back decades. While they may lack a little implementation polish, they do work.
The first movers, many of whom have already started this process despite the current lack of standards, will be in finance, government and telecoms - sectors that traditionally have had to keep security to the fore. The process of evaluating encryption trade-offs will be familiar to these organisations, said Jones, but others should start considering their options.
Meanwhile, he urged, companies that rely mostly on third-party software need to start demanding action from their suppliers: "they should hammer on at their vendors to say look, what are you guys doing about this quantum threat to me?"
Another area requiring attention is the generation and distribution of encryption keys. Quantum computers are exceptionally good at spotting patterns, and classical computers are exceedingly bad at true randomness, generating encryption keys that are somewhat predictable and therefore vulnerable, particularly in the quantum age. Quantum key distribution (QKD) and quantum random number generation (QRNG) systems address this problem but the NCSC has been critical recently of the QKG and QRNG solutions on the market, saying it would not endorse their use for government or military applications.
According to Jones, with the disclaimer that this is the business of his company, perfect randomness is now possible and consumable by businesses by generating the keys using a cloud-based quantum computer. This, together with the availability of post-quantum encryption, means the problem is perhaps a little less scary that it might appear: "To be honest I think my message here is, is that this isn't a fundamentally a problem for the world at large."
While, much of the focus of the power of quantum computers has been the threat to traditional cryptography, it promises to revolutionise any field in which probabilistic pattern matching is important.
This includes Monte Carlo simulations and machine learning algorithms, to which Jones expects quantum computing will be applied very soon.
"It's not just cybersecurity and nothing for a decade, I think machine learning and machine learning and optimisation problems will be quite early on. I think quantum chemistry and material discovery will be probably a little bit later; natural language processing might be later still, but they're all coming, and everything I see suggests this really is going to be game changing."
On June 8th Honeywell and Cambridge Quantum Computing announced they would merge top form what they claim is the world's largest standalone quantum computing company.