
Cybersecurity in a quantum world: will we be ready?

On Tuesday, March 10th, the Institute for Quantum Computing (IQC) hosted a public lecture where Co-Founder and Deputy Director Michele Mosca addressed the ways in which the world’s information security will be fundamentally changed as a result of the development of large-scale quantum computers. To begin, he outlined the impact that certain quantum algorithms will have on the security of the world’s cryptography, and enumerated the pervasive and devastating effects that this will have on our broader information infrastructure.

As a foundational pillar of cybersecurity, cryptography allows us to achieve information security while using untrusted communications networks, such as the Internet. Cryptography ensures that our information is secure and confidential by encoding it using mathematical problems that are difficult to efficiently solve. As a result, cryptography ensures that the only party that is able to read an encoded message is the party with the “key” to decode it. If the math problem used to encode a message is hard to solve, finding a private key to decode it is also hard. Unfortunately, most of the mathematical problems upon which our current cryptography is based – which are known to be extremely difficult on the computers of today – could be solved quickly by the quantum computers of tomorrow.

The paradigm shift toward quantum computation is leading to new quantum technologies that can solve problems in computation, communication and sensing that were previously believed to be impossible. This will undoubtedly give us the computational ability to make incredible innovations across wide domains of science. Unfortunately, it will also make easy some of the mathematics that we’d prefer remain difficult – in particular, much of the mathematics that is used today to encrypt the world’s information. Fortunately, Mosca notes, there is a way to have all of the social benefits of quantum computation without the immense drawbacks of breaking the world’s cryptography – we simply need to choose to use new forms of cryptography that quantum computers cannot break.

To combat the devastating effects that quantum attacks would have on industries such as banking, utilities, communications, healthcare, technology, and manufacturing, we must develop ways of “quantum-proofing” our digital world. A quantum-safe cryptographic infrastructure will encompass both “post-quantum” cryptography (codes that can be deployed on everyday classical computers, but that we believe cannot be broken by quantum computers) as well as quantum cryptography (codes that require quantum technologies, and that cannot be broken by quantum computers). Quantum cryptography is a particularly interesting innovation, because the security of the cryptographic key is guaranteed by the laws of physics. Fortunately, these systems exist and are being worked on by mathematicians, physicists, and engineers around the globe. However, there is still a great deal of work to be done by researchers, industry and government before they can be widely deployed.

A renowned leader in quantum computation, Mosca emphasizes that while the exact date of the arrival of a sufficiently large quantum computer is difficult to predict – be it 2 years from now, or 20 years from now – it is imperative that the world begin to “quantum-proof” its information security systems immediately. It is not only information transmitted after the advent of large-scale quantum computers that is vulnerable – everything that has ever been (or will ever be) sent over a network is vulnerable to adversarial storage, tampering, or decryption. Every day that passes in which information is transmitted without quantum-safe security is another day’s worth of data that could be stored for later decryption and attack by a quantum adversary. These types of attacks create new security challenges that threaten our privacy and leave us vulnerable to viruses, fraud and identity theft.

Mosca advises that industrial and government organizations should begin planning their migration to quantum-secure technologies by participating in standards groups, conducting security evaluations, and discussing procurement options with technology vendors who are building quantum-safe tools. These tools are already in progress in research labs at IQC and around the world, but will only be deployed globally with sufficient industrial involvement and leadership. Now is the time to write history before it happens, by making the choice to secure our communications against quantum adversaries today – rather than being forced to live without security and privacy in the future.