Quantum Future and the Quantum Arms Race

30 June 2021 Foley Launch Blog
Authors: Louis Lehot

This article was originally published at Data Driven Investor on June 30, 2021.

Quantum computing is a perennially hot topic in science and technology, with many researchers and companies scrambling to build the first truly practical quantum computer. But as with many technological advancements, the complex jargon can easily obscure the big picture. In cybersecurity, the quantum arms races consists of three fronts: quantum computers, post-quantum cryptography, and human users.  With help from our friends at Aimava, we will explore these topics at a digital summit with leading thought leaders, corporations and investors on the future of quantum computing in July.

Quantum computing offers the possibility of solving problems that conventional computers cannot, at least not in a reasonable time frame.  Modern information technology relies heavily on cryptography that in its current state could be easily broken with a fully functioning quantum computer.

Typically, modern cryptographic keys are created by multiplying very large prime numbers to create even larger composite numbers.  Multiplying is easy for a computer, but reversing that operation—factoring—is computationally difficult for the systems that we use today.

A key can be broken if the factors can be determined.  The exact cryptographic implementations are, of course, more complicated, but this basic mathematical unidirectionality underlies much of the cryptography that secures the Internet today.  Obviously, security is important not just to individuals and companies but also to governments.  The combined computing power of the entire planet would require billions and billions of years to crack properly implemented cryptographic keys, and the algorithms have been tested and retested for long enough that we can be reasonably sure that someone will not find a significant shortcut.

However, a quantum computer could make certain kinds of problems feasible to solve.  By using the oddities of quantum mechanics, a quantum computer could (at least theoretically) factor a transport layer security key in a trivial amount of time.  Again, quantum computers have many other potential applications, but cryptography is a major one with serious financial and geopolitical consequences. This is highlighted by the recent increase in cybersecurity attacks, the scale and frequency of which has significantly superseded prior records. We’ve seen that sophistication of attacks has increased as bad actors are able to harness new technologies such as artificial intelligence and machine learning. One can only imagine the terrifying implications for cybersecurity if these bad actors were able to apply quantum computing to their attacks.

As practical quantum computers edge closer to reality, others are developing algorithms that are intractable even for quantum computers.  Given the massive implications for cybersecurity and cyberwarfare, businesses and nations cannot afford to ignore quantum computers and post-quantum cryptography.  Being able to break today’s common security algorithms has severe implications for security and legal compliance. It can also have devastating consequences on the business itself, including regulatory fines, costs of remedying the breach, reputational harm, and potential consumer litigation.

There has been a steady increase in the number of quantum computing startups as well as venture funding in quantum computing. On the other end, tech giants such as Intel, Google, IBM, Microsoft, and Amazon are investing resources in quantum computing technology. Google started experimenting with post-quantum cryptography in Chrome back in 2016, and PQShield, a startup developing quantum-resistant security tech, raised $7 million last year.  Just recently, Honeywell and Cambridge Quantum Computing announced a new partnership to leverage their respective expertise in quantum hardware and software.

Quantum computing will be a gamechanger if (or when) it comes to market, and post-quantum cryptography is a necessity as a result.  In fact, highly sensitive data should probably be migrated to quantum-resistant algorithms as soon as possible.  But no matter how good encryption is, the human element is often the weakest link.  It’s worth paying attention to ways companies are using to make humans more secure.  For example, years ago, Google started requiring its employees to have physical security keys, and since then it has not suffered a breach from phishing attacks.

In a post-quantum world, not only will technical controls be important elements of cybersecurity, but organizational measures and operational considerations will also be necessary. No matter how secure a system is, users are almost always weak points, so while the quantum arms race heats up, it will be important for companies to develop and implement access controls to make users less susceptible to security breaches. As the sophistication of bad actors increases, companies will likely need to bolster both internal and external coordination, including working with government agencies and other industry groups in collaboration.

Quantum computers, quantum-resistant cryptography, and human users will all have effects on the cybersecurity industry in the future.  We have no way of knowing when a major breakthrough will come, so the best that we can do is prepare now.

As mentioned, we are co-hosting a digital summit to drill down into these topics in July with our friends at Aimava.  Quantum Future will feature thought leaders, corporations and investors that are looking to scale up in quantum computing.  We are looking to forward to hearing from Prem Tumkosit at Merck GHI Fund and Ilana Wisby CEO of Oxford Quantum Circuits as they share their experiences testing and deploying quantum solutions in security, new chemical discovery, pharma development, massive logistic optimization and seeing the unseen. There will be breakout sessions for attendees with facilitators including Christopher Savoie – CEO Zapata, Chris Erven – CEO, KET Quantum Security, Richard Murray – CEO Orca Computing, Daniel Franke – Merck KGaA, M-Ventures and Andy Stanford-Clark – Chief Technology Officer IBM UK, to name a few.

Register your interest to attend at Aimava Eventbrite Quantum Future – and we are pleased to be able to offer some free places – Promo Code ‘FoleyGuest’.  

This blog is made available by Foley & Lardner LLP (“Foley” or “the Firm”) for informational purposes only. It is not meant to convey the Firm’s legal position on behalf of any client, nor is it intended to convey specific legal advice. Any opinions expressed in this article do not necessarily reflect the views of Foley & Lardner LLP, its partners, or its clients. Accordingly, do not act upon this information without seeking counsel from a licensed attorney. This blog is not intended to create, and receipt of it does not constitute, an attorney-client relationship. Communicating with Foley through this website by email, blog post, or otherwise, does not create an attorney-client relationship for any legal matter. Therefore, any communication or material you transmit to Foley through this blog, whether by email, blog post or any other manner, will not be treated as confidential or proprietary. The information on this blog is published “AS IS” and is not guaranteed to be complete, accurate, and or up-to-date. Foley makes no representations or warranties of any kind, express or implied, as to the operation or content of the site. Foley expressly disclaims all other guarantees, warranties, conditions and representations of any kind, either express or implied, whether arising under any statute, law, commercial use or otherwise, including implied warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall Foley or any of its partners, officers, employees, agents or affiliates be liable, directly or indirectly, under any theory of law (contract, tort, negligence or otherwise), to you or anyone else, for any claims, losses or damages, direct, indirect special, incidental, punitive or consequential, resulting from or occasioned by the creation, use of or reliance on this site (including information and other content) or any third party websites or the information, resources or material accessed through any such websites. In some jurisdictions, the contents of this blog may be considered Attorney Advertising. If applicable, please note that prior results do not guarantee a similar outcome. Photographs are for dramatization purposes only and may include models. Likenesses do not necessarily imply current client, partnership or employee status.

Related Services