The positive implications of the arrival of the quantum era are obvious. However, not all potential uses of quantum computing power are quite so benign. Quantum computers are ideally suited to solving complex mathematical problems, such as the factoring of large numbers, which is at the core of asymmetric cryptosystems. This has serious implications for cybersecurity.
Indeed, cybersecurity relies on a rather restricted number of cryptographic primitives. Foremost among them are the well-known RSA and ECC algorithms. Both are based on the hardness of factoring, which does not hold true anymore once quantum computers are available.
As the critical lifespan of data gets longer, the danger becomes more tangible. Data stolen today does not have to be decrypted today to hold value. Financial, healthcare and intellectual property data stolen today could still be relevant in 10 years’ time.
The ability to download now and decrypt later means that, even if they are only available in several years, quantum computers pose a genuine threat to data security today.
In response to the threat of the quantum computer, there is a need to replace the current cybersecurity infrastructure with a new quantum-safe one. For this purpose, cybersecurity innovators are turning to a variety of technologies.
First, one can replace current cryptographic algorithms, which will not withstand the arrival of the quantum computer, with a new set of quantum-resistant algorithms, also known as post-quantum algorithms. The search for suitable algorithms has been formalised by a process led by NIST in the USA.
Candidates for various cryptographic functions are currently under scrutiny. Standardisation is expected within 4 to 5 years. However, there is a distinct possibility that new quantum algorithms, i.e. algorithms operating on quantum computers, may threaten these. The risk may be unreasonable for data with high and long-term value.
Alternatively, in an interesting twist, one can use quantum technologies themselves, and in particular quantum cryptography, to counter the emerging threat. Advances in the development of quantum key generation and quantum key distribution (QKD), for example, are well underway.
QKD is a breakthrough technology that exploits one of the fundamental principles of quantum physics (observation causes perturbation) to ensure forward secrecy of encryption keys across an optical fibre network, or across free space. Any attempt to eavesdrop on the network would be detected and passive interception is rendered impossible.
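The "observation causes perturbation" principle can be seen in a small simulation. This is an added example, not code from the original page or from any vendor: it assumes the BB84 protocol (which the page does not name), a noiseless channel, an intercept-and-resend eavesdropper, and an 11% error-rate abort threshold; all function names are hypothetical.

```python
import random

def bb84_qber(n_photons, eavesdrop, seed=0):
    """Simulate BB84 (assumed protocol) over a noiseless channel.

    Returns (sifted_key_length, quantum_bit_error_rate)."""
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)        # Alice's raw key bit
        a_basis = rng.getrandbits(1)    # 0 = rectilinear, 1 = diagonal
        state_bit, state_basis = bit, a_basis
        if eavesdrop:
            # Eve must pick a basis to measure; a wrong guess yields a
            # random result and re-prepares the photon in her basis.
            e_basis = rng.getrandbits(1)
            if e_basis != state_basis:
                state_bit = rng.getrandbits(1)
            state_basis = e_basis
        b_basis = rng.getrandbits(1)
        # Bob reads the bit faithfully only if his basis matches the photon's.
        b_bit = state_bit if b_basis == state_basis else rng.getrandbits(1)
        if b_basis == a_basis:          # sifting: keep matching-basis rounds
            sifted += 1
            errors += (b_bit != bit)
    return sifted, errors / sifted

def link_is_clean(qber, threshold=0.11):
    """Abort rule: the 11% threshold is an assumption for this example."""
    return qber <= threshold

if __name__ == "__main__":
    for eve in (False, True):
        n, qber = bb84_qber(20000, eavesdrop=eve)
        print(f"eavesdropper={eve}: sifted={n} QBER={qber:.3f} "
              f"-> {'keep key' if link_is_clean(qber) else 'discard key'}")
```

Without an eavesdropper the sifted keys agree exactly; with one, roughly a quarter of the sifted bits disagree, which the two endpoints detect by comparing a sample of the key.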
Unlike the quantum computer, QKD is already a reality. There are a number of real-world installations of QKD already in place. These include a 2000 km-long infrastructure backbone in China, used to secure data exchanged between Beijing and Shanghai (and all points in between). This is currently being extended to an 11’000 km backbone, which will cover most of Eastern China.
ID Quantique has been pioneering Quantum Cybersecurity since 2001, and deployed the world’s first commercial QKD systems in 2007. Since then, IDQ has been instrumental in establishing QKD networks and testbeds on all continents and has built one of the world’s most sophisticated QKD networks in South Korea, achieving unmatched scalability, usability, and interoperability.