Taking a precautionary approach to the cyber-risk from quantum computing

Classical-encryption-breaking quantum computers are said to be a decade or so away, but should we start preparing our defense?
23 April 2018

Inside the IBM Q Network. Source: IBM Newsroom

Earlier in the month, Cisco Systems announced it is working to develop new cryptographic algorithms to help firms protect their online systems against a potential attack by a quantum computer.

The major American IT and networking company is partnering with Isara Corp., a Canadian startup founded by former BlackBerry security executives, on the initiative.

Preparing for the threat posed by quantum computers might seem premature, but quantum technologies are slowly making headway, with major tech firms investing billions in their development. Last year, IBM announced its clients will have access to a 20-qubit quantum computer, called IBM Q. The company has also built a 50-qubit quantum computer prototype.

Earlier in the year, AT&T launched the Alliance for Quantum Technologies (AQT), which aims to speed quantum technology development and, in particular, to build a supporting quantum network that will exponentially increase the power of quantum computers.

Google is also working to develop its own quantum computer at its Quantum AI Laboratory.

Assembling a quantum computer is no easy feat: to get the IBM Q to work, developers had to create two of the coldest points in the entire universe. Nevertheless, it is a matter of when, not if, the technology will be developed.

Though physicists argue over the possible timeframe for full development, the most common estimate is around 10 years.

Panos Kampanakis, Technical Marketing Engineer at Cisco, told the Wall Street Journal the company wants to be ‘prepared’ for quantum computers, which is wise given the huge impact they could have.

The IBM Q. Source: IBM Newsroom

As Maria Spiropulu, Physics Professor, Researcher, California Institute of Technology, who is also part of the AT&T initiative, said at Web Summit last year: “It would take a billion years or so to guess your way into decoding encryption. In a quantum world that would take minutes, if not seconds, to run through all the possible permutations, so all encryption would need to change.”

She added: “It needs to be in the hands of good because when it is that game changing, in the hands of bad it is going to change everything for the worse.”

Encryption algorithms such as RSA, which is used by modern computers to encrypt and decrypt messages, are at significant risk from quantum technology.

According to Kampanakis, Cisco has been researching quantum security for over five years. With Isara, the company is testing digital certificates that operate in both classic and quantum-safe algorithm modes.

“This proof-of-concept project with Cisco demonstrates how a single digital certificate can accommodate multiple public-key algorithms, which will help to reduce the costs and risks during the migration process of the Public Key Infrastructure (PKI) and its dependent systems,” ISARA Senior Product Manager Alexander Truskovsky said in a press release.

Most personal and corporate computing environments depend on PKIs to issue the certificates that are essential to authenticating digital transactions. Cisco and ISARA say their technology will ensure each party to the transaction is, in fact, who they claim to be. Traditional certificates, by contrast, use only a single algorithm and will require the issuance of duplicate certificates that use quantum-safe algorithms once systems start to be upgraded.

The company alludes to the massive upheaval and potential urgency there will be to make classical systems quantum-safe.

“Once the quantum-safe algorithms are standardized, we may have a very short time frame in order to migrate our systems,” Kampanakis said.

“Preparing a smoother migration to quantum-safe authentication is something we can do now, while the new algorithms are going through the selection process in NIST’s (US National Institute of Standards and Technology) PQ Project.”

While quantum computing technology is still fledgling, and no one really knows when it will be here fully, NIST states that it has taken almost two decades to deploy modern public key cryptography infrastructure. Therefore, it is important to prepare information security systems to resist quantum computing now, rather than playing catch-up when it is potentially too late.