Race is on to build quantum-proof encryption
When Google said it had achieved “quantum supremacy” by eclipsing the performance of classical supercomputers, experts reacted with both excitement and concern about how next-generation computing could affect everything from medicine to financial portfolio optimisation.
In October, the tech group said its Sycamore quantum processor had, in 200 seconds, performed a task that would take the world’s best supercomputer 10,000 years to complete, although the magnitude of this claim is disputed by the likes of IBM.
Quantum computers — which exploit the quirky behaviour of subatomic particles that can be in two states simultaneously — may prove a useful technology for tasks requiring optimisation and comparison; that is, to find the best route or choice by examining all the options. This could range from finding the most cost-effective route for shipping goods to the most efficient way to extract natural resources.
Experts say quantum computing has the potential to transform materials science and drug development by comprehensively modelling molecules, while its ability to model interconnected dependencies could optimise financial portfolios.
However, cyber security experts and intelligence agencies worry that data security encryption systems will be blown away by the quantum tornado.
Encryption underpins everything from instant messaging services such as WhatsApp to online banking, ecommerce and secure web browsing. It uses algorithms to scramble data from the sender and gives the receiver a decryption key. These algorithms are based on mathematical functions that are easy to compute in one direction but hard to invert. Computing the product of two numbers is easy but factoring a large number back into its prime factors is difficult.
“Even with the biggest computers, factoring is hard once you are looking at numbers into, say, three or four hundred digits,” says Christophe Petit, senior lecturer at Birmingham university’s School of Computer Science. “There just isn’t a method to efficiently solve that problem and encryption relies on that hardness.”
With the extra power provided by quantum computers, problems such as factoring become easy to solve, even for very large numbers. “The day a big quantum computer is built, all the cryptography we are using today is dead,” warns Mr Petit.
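To make that dependence on factoring concrete, the following added example (not part of the original article) builds textbook RSA keys, the widely used public-key scheme whose security rests on factoring, from constructed and deliberately tiny primes, then recomputes the private key from the public modulus alone. The function names, the primes and the message are illustrative assumptions, and trial division stands in for a classical factoring effort.

```python
# Added illustration: textbook RSA with constructed, deliberately tiny primes.
# Real keys use primes of hundreds of digits plus padding; names here are illustrative.

E = 65537  # common public exponent


def make_keypair(p, q):
    """Return (public modulus n, private exponent d) for primes p and q."""
    n = p * q                        # easy direction: one multiplication
    phi = (p - 1) * (q - 1)          # needs p and q, which stay secret
    d = pow(E, -1, phi)              # private exponent = E^-1 mod phi
    return n, d


def factor(n):
    """Trial division over odd candidates; returns (p, q, candidates tried)."""
    tried, f = 0, 3
    while f * f <= n:
        tried += 1
        if n % f == 0:
            return f, n // f, tried
        f += 2
    raise ValueError("no odd factor found")


def recover_private_key(n):
    """What anyone who can factor n obtains: the private exponent."""
    p, q, tried = factor(n)
    return pow(E, -1, (p - 1) * (q - 1)), tried


def demo():
    """Encrypt with the public key, then decrypt using only n."""
    rows = []
    for p, q in [(101, 103), (10007, 10009), (1000003, 1000033)]:
        n, d = make_keypair(p, q)
        ciphertext = pow(42, E, n)               # constructed message: 42
        stolen_d, tried = recover_private_key(n)
        rows.append((len(str(n)), tried, pow(ciphertext, stolen_d, n)))
    return rows


if __name__ == "__main__":
    for digits, tried, plaintext in demo():
        print(f"{digits:2d}-digit modulus: {tried:7d} candidates, plaintext {plaintext}")
```

Every two digits added to each prime multiplies the trial-division work by roughly 100, which is why moduli of several hundred digits are out of reach for this kind of search while the multiplication that creates them stays instant.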
It is uncertain when the first true quantum computer will arrive. There is also a long journey from building a computer with quantum-like properties to building a full-scale, commercial version, partly because of the ultra-low temperature conditions required by quantum computers. However, there are fears that a malicious state could get far enough to wreak havoc.
Cracking encryption could enable a rogue actor to spy on communications and data — including classified intelligence flowing between military agencies — or gain backdoor access to critical infrastructures and facilities. Financial data also relies heavily on quantum-vulnerable encryption.
“To crack encryption, all you need is one working quantum computer under laboratory conditions,” says Andersen Cheng, chief executive of Post-Quantum, a cyber security company. Mr Cheng likens it to building an engine and gearbox compared with manufacturing an entire car. “A lot of nation states are building quantum computers and they just need a working engine to start cracking encryption,” he says.
“In the public discourse, people are saying it will be 10 to 20 years until we have the first full commercially available quantum computer,” says Mr Cheng. “In the cyber security domain, they say it will be more like five to 10 years, but the intelligence community [has] become worried . . . over the past two years. They believe a working quantum computer will arrive much earlier than we think.”
Agencies including the National Security Agency and National Institute of Standards and Technology in the US, and Government Communications Headquarters in the UK, are working on post-quantum cyber security.
To build quantum-resistant encryption, cyber teams seek out categories of problems for which simultaneous processing power confers no advantage. These should be problems that are already understood but take substantial time to solve.
Lattice-based cryptography is a leading approach explored by the likes of IBM. It uses high-dimension geometric structures to hide information in ways considered impossible to solve without the key, even for quantum computers. An alternative technique, borrowed from the satellite industry, deliberately introduces random errors into the encryption process to make the output look different every time, even if the same input is being encrypted, according to Mr Cheng.
While a small network of cyber researchers has been exploring post-quantum security protocols for decades, experts say we need to raise the pace. “We want to be ready not just when quantum computers come out but 20 years earlier,” says Mr Petit. “We should be rolling out encryption — in evoting systems, medical data, and aircraft, for instance — that will be secure for decades. Even if the first quantum computer does not come for 20 years we are, in a sense, already late.”