It is now a question of when and not if quantum computers will break encryption. How can businesses be prepared?
Harnessing the power of quantum computers will catapult us into a new era of discovery. They will revolutionize our understanding of medicine, artificial intelligence, and chemistry. One day, they may even be powerful enough to map out our entire universe.
But there’s a catch. As quantum computers provide us with almost unthinkable processing power, they will threaten the systems that have protected our data for decades. Bank details, trade secrets and even state secrets will be left defenseless, able to be hacked, stolen or tampered with in the blink of an eye. So how can we prepare ourselves?
What is a quantum computer?
Unlike classical computers (the computers in operation today), quantum computers use the properties of quantum mechanics to process and store information. In practice, this means faster and more powerful processing power, as well as a different computational approach to solving problems.
So what makes quantum computers a threat to the security of our data? Many popular methods of cryptography used today (like RSA encryption) are based on complex mathematical problems known as factorisation; that is, breaking down extremely large numbers into their factors. While classical computers are technically capable of performing these feats, it is nearly impossible in practice- even today’s most advanced super computers would take years to crack just one piece of encryption.
The arrival of mainstream quantum computing will change this. Thanks to the development of a specialist algorithm by mathematician Peter Shor, quantum computers have been shown to be theoretically capable of solving complex factorisation problems in not years, but seconds- meaning that the defences we have built around our data will crumble. In the short term, the risk is minimal; the quantum computers that we have today are mostly consigned to laboratories, and simply don’t possess the stability or processing power to perform meaningful calculations. In the longer term, the consequences could be catastrophic. So what can be done?
Thinking outside the box
To face the quantum threat, we may not need to look beyond classical computers for answers. Researchers have identified a variety of potential alternatives to factorisation-based cryptography which are already available today; key contenders include lattice-based, code-based or multivariate cryptography. Unlike cryptographic methods such as RSA, these are based on different mathematical problems which quantum computers are (in theory) not equipped to solve- making them “quantum proof”.
However, these are not necessarily clean fixes. Alternatives are typically inefficient when compared with current methods of cryptography; they often have large key sizes and require more computational power to support. Few are currently appropriate for widespread adoption, and more research will be required to prepare them for the mass market. Additionally, adopting any of these forms of cryptography carries risk. While research currently indicates that they would be resistant to a quantum attack, this hypothesis may be wrong- future developments in quantum computing could mean that these cryptographic systems too become irrelevant.
One guaranteed quantum-proof cryptographic system is available to businesses: quantum key distribution. This method of cryptography capitalises on the properties of quantum physics to create a revolutionary method of securing data, hiding information in light particles and transmitting it between sender and receiver. Any hacker who attempts to access the information as it is in transit interferes with the quantum state of the particles, damaging the information stored within and alerting the receiver to the presence of the hacker. This makes quantum key distribution the first method of cryptography that is truly unbreakable.
So why aren’t businesses rushing to implement it? First, like any quantum technology, it is extremely unreliable and prone to fault; even small disturbances in the surrounding atmosphere can create errors in transmittance. Moreover, the infrastructure necessary to support quantum key distribution is currently lacking. End to end broadband fibre is required for transmittance, meaning that large areas of the UK (and the globe) are currently off the quantum grid. These challenges make it an unviable commercial solution in the short term. Moreover, even if these problems can be overcome, quantum key distribution still faces some fundamental limitations; it tackles only a small part of the challenges faced in cryptography, and is unsuitable for certain processes that complex, modern technologies require (such as identity verification or access control).
The quantum computers we have in operation today are little more than toys, prone to instability and with very little processing power. By contrast, the power required to perform the kind of complex calculations required to break modern day encryption is immense. Only a machine with 4000 qubits or more would be able crack a standard RSA encryption code; the largest we have today is 72 qubits. It is unlikely that we will see a quantum computer with this kind of power for at least 15 years.
However, those businesses who plan for this eventuality now will be well served in the future. There is no easy solution to the challenge that quantum computers pose to our security, and the road to secure cryptography is likely to be rocky. Many of the alternative, quantum-proof defenses are imperfect, inefficient and untested; they will likely require a significant investment of time, research and money to implement and perfect- entire systems may need to be rebuilt from the ground upwards to combat this threat. Without this investment, some may be caught by surprise- with potentially disastrous consequences.
Watch Alex Henneberg talk about Quantum Computing and the potential benefits and risks it brings with its application