This article was originally published at Data Driven Investor on June 30, 2021.
Quantum computing is a perennially hot topic in science and technology, with many researchers and companies scrambling to build the first truly practical quantum computer. But as with many technological advancements, the complex jargon can easily obscure the big picture. In cybersecurity, the quantum arms races consists of three fronts: quantum computers, post-quantum cryptography, and human users. With help from our friends at Aimava, we will explore these topics at a digital summit with leading thought leaders, corporations and investors on the future of quantum computing in July.
Quantum computing offers the possibility of solving problems that conventional computers cannot, at least not in a reasonable time frame. Modern information technology relies heavily on cryptography that in its current state could be easily broken with a fully functioning quantum computer.
Typically, modern cryptographic keys are created by multiplying very large prime numbers to create even larger composite numbers. Multiplying is easy for a computer, but reversing that operation—factoring—is computationally difficult for the systems that we use today.
A key can be broken if the factors can be determined. The exact cryptographic implementations are, of course, more complicated, but this basic mathematical unidirectionality underlies much of the cryptography that secures the Internet today. Obviously, security is important not just to individuals and companies but also to governments. The combined computing power of the entire planet would require billions and billions of years to crack properly implemented cryptographic keys, and the algorithms have been tested and retested for long enough that we can be reasonably sure that someone will not find a significant shortcut.
However, a quantum computer could make certain kinds of problems feasible to solve. By using the oddities of quantum mechanics, a quantum computer could (at least theoretically) factor a transport layer security key in a trivial amount of time. Again, quantum computers have many other potential applications, but cryptography is a major one with serious financial and geopolitical consequences. This is highlighted by the recent increase in cybersecurity attacks, the scale and frequency of which has significantly superseded prior records. We’ve seen that sophistication of attacks has increased as bad actors are able to harness new technologies such as artificial intelligence and machine learning. One can only imagine the terrifying implications for cybersecurity if these bad actors were able to apply quantum computing to their attacks.
As practical quantum computers edge closer to reality, others are developing algorithms that are intractable even for quantum computers. Given the massive implications for cybersecurity and cyberwarfare, businesses and nations cannot afford to ignore quantum computers and post-quantum cryptography. Being able to break today’s common security algorithms has severe implications for security and legal compliance. It can also have devastating consequences on the business itself, including regulatory fines, costs of remedying the breach, reputational harm, and potential consumer litigation.
There has been a steady increase in the number of quantum computing startups as well as venture funding in quantum computing. On the other end, tech giants such as Intel, Google, IBM, Microsoft, and Amazon are investing resources in quantum computing technology. Google started experimenting with post-quantum cryptography in Chrome back in 2016, and PQShield, a startup developing quantum-resistant security tech, raised $7 million last year. Just recently, Honeywell and Cambridge Quantum Computing announced a new partnership to leverage their respective expertise in quantum hardware and software.
Quantum computing will be a gamechanger if (or when) it comes to market, and post-quantum cryptography is a necessity as a result. In fact, highly sensitive data should probably be migrated to quantum-resistant algorithms as soon as possible. But no matter how good encryption is, the human element is often the weakest link. It’s worth paying attention to ways companies are using to make humans more secure. For example, years ago, Google started requiring its employees to have physical security keys, and since then it has not suffered a breach from phishing attacks.
In a post-quantum world, not only will technical controls be important elements of cybersecurity, but organizational measures and operational considerations will also be necessary. No matter how secure a system is, users are almost always weak points, so while the quantum arms race heats up, it will be important for companies to develop and implement access controls to make users less susceptible to security breaches. As the sophistication of bad actors increases, companies will likely need to bolster both internal and external coordination, including working with government agencies and other industry groups in collaboration.
Quantum computers, quantum-resistant cryptography, and human users will all have effects on the cybersecurity industry in the future. We have no way of knowing when a major breakthrough will come, so the best that we can do is prepare now.
As mentioned, we are co-hosting a digital summit to drill down into these topics in July with our friends at Aimava. Quantum Future will feature thought leaders, corporations and investors that are looking to scale up in quantum computing. We are looking to forward to hearing from Prem Tumkosit at Merck GHI Fund and Ilana Wisby CEO of Oxford Quantum Circuits as they share their experiences testing and deploying quantum solutions in security, new chemical discovery, pharma development, massive logistic optimization and seeing the unseen. There will be breakout sessions for attendees with facilitators including Christopher Savoie – CEO Zapata, Chris Erven – CEO, KET Quantum Security, Richard Murray – CEO Orca Computing, Daniel Franke – Merck KGaA, M-Ventures and Andy Stanford-Clark – Chief Technology Officer IBM UK, to name a few.