Quantum computing uses phenomena of quantum mechanics, such as superposition and interference, to solve certain classes of problems that classical computers, including today's supercomputers, cannot solve in any practical amount of time. A quantum computer is not simply a faster classical computer: for most workloads it offers no advantage at all, but for specific problems, such as simulating quantum systems or factoring large integers, the known quantum algorithms are dramatically faster. That is why the technology is expected to matter in critical sectors such as healthcare, energy and telecommunications.
Instead of bits, quantum computers use quantum bits (qubits). A qubit can be in a superposition of 0 and 1, and qubits can be entangled with one another, so the state of a register of n qubits is described by 2^n amplitudes at once. The popular shorthand that qubits "store more data" or "try every answer at once" is misleading: measuring the register returns a single classical outcome, and the speedup comes from algorithms that arrange for the amplitudes of wrong answers to cancel and those of right answers to reinforce. For the problems where such an algorithm is known, a quantum computer can finish in hours a computation that a classical computer could not complete in any feasible time.
Globally, interest in quantum computing research and progress in building quantum machines have steadily increased over the past two decades. Commercial leaders in the field have had some success building small-scale quantum computers, but a large-scale, general-purpose, fault-tolerant quantum computer does not currently exist. While several companies, such as Google and IBM, are developing quantum hardware and offering access to it, the researchers and scientists trying to build the world's first large-scale quantum computer still face many engineering and scientific challenges.
Although the power of large-scale quantum computing will positively impact sectors like healthcare, energy, finance and media and entertainment, the future of quantum technologies, as well as the timeline for large-scale use is uncertain.
There are also several scientific issues and concerns that quantum experts, researchers and scientists continue to work through. Beyond those challenges, quantum computers are poised to create information security problems for individuals, businesses and governments. Shor's algorithm, run on a sufficiently large fault-tolerant quantum computer, would break the public-key cryptosystems (RSA, Diffie-Hellman and elliptic-curve cryptography) that currently secure Internet communications and financial transactions. In response to this threat, standards bodies have introduced quantum safe cryptography, also referred to as post-quantum cryptography.
In the most general terms, cryptography keeps information confidential and authentic. Encryption converts plaintext into ciphertext so that no one but the holder of the right key can read the data. Almost all Internet communications use public-key cryptography, typically to establish a session key that is then used with a symmetric cipher such as AES. Against a classical computer, a longer key makes a brute-force attack exponentially harder, since every added bit doubles the work. A quantum computer changes the picture, but differently for the two kinds of algorithm. Against RSA, Diffie-Hellman and elliptic-curve keys, Shor's algorithm runs in time polynomial in the key size, so lengthening the key buys essentially nothing. Against symmetric ciphers, Grover's algorithm only halves the effective key length in the idealized model, so AES-128 drops to roughly 64 bits of security while AES-256 remains comfortably secure.
No one seriously disputes that a large-scale quantum computer would break the public-key algorithms that businesses and governments rely on today. Experts differ on how close, or far away, such a machine is, but the conclusion is the same: RSA, Diffie-Hellman and elliptic-curve cryptography must be replaced before it arrives, while symmetric encryption can be retained with larger keys. The more immediate threat is "harvest now, decrypt later": an adversary who records encrypted, high-value data today will be able to decrypt it once a quantum computer exists, so any data that must stay secret for years is already exposed.
Experts believe that leadership in quantum technology may determine which nation leads economically and militarily in the near future. Several nations are investing heavily in quantum research to gain economic and military advantage, which raises geopolitical issues among the major players (e.g., China, Europe and the United States), all racing to develop quantum technologies for communications and defense. These tensions may threaten geopolitical stability. Quantum safe cryptography will therefore matter for national security and for defending against quantum computing capabilities used in military operations.
Efforts are underway to develop post-quantum cryptography methods. According to the National Institute of Standards and Technology (NIST), regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.
As background, NIST highlights that post-quantum cryptography is also called quantum resistant cryptography and they encourage the development of “cryptographic systems that are secure against both quantum and classical computers and can interoperate with existing communications protocols and networks.”
In 2016, NIST began the process of standardizing quantum safe algorithms for key establishment and digital signatures. The organization is selecting one or more public-key cryptographic algorithms through a public, competition-like process officially called the NIST Post-Quantum Cryptography Standardization Process. At the outset, NIST issued a detailed set of minimum acceptability requirements, submission requirements and evaluation criteria for candidate algorithms. At the beginning of the process, in 2017, 69 candidate algorithms met the minimum acceptance criteria and submission requirements. NIST selected 26 candidates to advance to the second round, and in July 2020 it announced seven finalists and eight alternate candidates for the third round, covering both public-key encryption/key establishment and digital signature algorithms.
According to the UK National Cyber Security Centre (NCSC), quantum safe cryptography provides the best mitigation for the security threats posed by quantum computing. Both NCSC and NIST indicate that it is not too early to begin planning the transition to quantum safe cryptography.
Planning for the migration to quantum safe (or post-quantum) cryptography requires enterprises, as well as the standards developing organizations (SDOs) whose protocols they depend on, to go through discovery and planning phases that feed a migration roadmap. NIST recommends that an enterprise first determine where, and for what purpose, it employs public-key cryptography. With that inventory in hand, it can identify the characteristics of each use, such as whether the implementation supports crypto agility.
Crypto-agility is the ability of a security system to switch rapidly between algorithms, cryptographic primitives and other cryptographic mechanisms without the rest of the system's infrastructure being significantly affected by the change. It is a design property rather than a product: algorithm identifiers must travel with the protected data, primitives must sit behind a common interface, and policy rather than code must decide which algorithms may be used and which are merely still accepted. Achieving it is complex and will not happen overnight. The benefits of crypto-agility include:
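As an added example of the crypto-agility pattern described above (this is illustrative code written for this page, not code from NIST, NCSC, Venafi or any product), the following Python uses HMAC as a stand-in for whatever primitive is being migrated. The algorithm identifier is carried in the protected data, primitives live in one registry, and a policy object separates the algorithm used for new data from the set still accepted during the transition. The identifiers ("hmac-sha256", "hmac-sha3-256"), the "CA01" format marker, the key and the message are all constructed for the example.

```python
import hashlib
import hmac

# Registry of primitives keyed by a stable algorithm identifier. The identifiers
# and the "CA01" format marker are assumed names constructed for this example.
# HMAC stands in for whatever primitive is being migrated (signature, KEM, ...).
# Migrating to a new primitive adds one entry here; protect()/verify() are untouched.
PRIMITIVES = {
    "hmac-sha256": lambda key, data: hmac.new(key, data, hashlib.sha256).digest(),
    "hmac-sha3-256": lambda key, data: hmac.new(key, data, hashlib.sha3_256).digest(),
}

MAGIC = b"CA01"


class Policy:
    """Separates what is used for new data from what is still accepted on receipt."""

    def __init__(self, preferred, accepted):
        if preferred not in PRIMITIVES or preferred not in accepted:
            raise ValueError("preferred algorithm must be registered and accepted")
        self.preferred = preferred
        self.accepted = frozenset(accepted)


def algorithm_key(master_key, alg_id):
    """Derive a per-algorithm key (HMAC-SHA256 as a simple KDF) so that switching
    algorithms never reuses the same key material across two primitives."""
    return hmac.new(master_key, b"alg-key:" + alg_id.encode(), hashlib.sha256).digest()


def protect(policy, master_key, message):
    """Tag the message with the policy's preferred algorithm and record which one."""
    alg_id = policy.preferred
    tag = PRIMITIVES[alg_id](algorithm_key(master_key, alg_id), message)
    alg = alg_id.encode()
    # Wire format: MAGIC | len(alg) | alg | len(tag) | tag | message
    return MAGIC + bytes([len(alg)]) + alg + bytes([len(tag)]) + tag + message


def verify(policy, master_key, blob):
    """Return the message if its tag verifies under an algorithm the policy accepts."""
    if not blob.startswith(MAGIC) or len(blob) < len(MAGIC) + 2:
        raise ValueError("unknown or truncated format")
    pos = len(MAGIC)
    alg_len = blob[pos]
    pos += 1
    alg_id = blob[pos:pos + alg_len].decode("ascii", "replace")
    pos += alg_len
    if pos >= len(blob):
        raise ValueError("truncated header")
    tag_len = blob[pos]
    pos += 1
    tag = blob[pos:pos + tag_len]
    pos += tag_len
    message = blob[pos:]
    # Decide on the identifier before touching any key material.
    if alg_id not in PRIMITIVES:
        raise ValueError("unregistered algorithm: " + alg_id)
    if alg_id not in policy.accepted:
        raise ValueError("algorithm retired by policy: " + alg_id)
    expected = PRIMITIVES[alg_id](algorithm_key(master_key, alg_id), message)
    if len(tag) != len(expected) or not hmac.compare_digest(tag, expected):
        raise ValueError("tag mismatch")
    return message


def migration_demo():
    """Walk one message through a three-phase algorithm migration; True on success."""
    master = bytes(range(32))                    # constructed demo key
    msg = b"invoice 4711: pay 100 EUR"           # constructed demo payload
    phase1 = Policy("hmac-sha256", {"hmac-sha256"})
    old_blob = protect(phase1, master, msg)
    # Phase 2: prefer the new primitive but keep accepting the old one.
    phase2 = Policy("hmac-sha3-256", {"hmac-sha256", "hmac-sha3-256"})
    new_blob = protect(phase2, master, msg)
    if verify(phase2, master, old_blob) != msg or verify(phase2, master, new_blob) != msg:
        return False
    # Phase 3: retire the old primitive; old data must now be rejected loudly.
    phase3 = Policy("hmac-sha3-256", {"hmac-sha3-256"})
    try:
        verify(phase3, master, old_blob)
        return False
    except ValueError:
        pass
    return verify(phase3, master, new_blob) == msg


if __name__ == "__main__":
    print("migration ok:", migration_demo())
```

The point of the three phases is that retiring an algorithm is a policy change, not a code change: phase 2 is the period in which both old and new protected data are accepted, and phase 3 is when legacy data is refused with an explicit error rather than silently verified with a weakened primitive. A real deployment would put a post-quantum signature or KEM behind the same registry interface, and would derive the per-algorithm key with a standard KDF such as HKDF rather than the one-line HMAC used here.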
It is not an exaggeration to say that large-scale quantum computing is going to significantly change the digital world as we know it due to its computational speed and efficiency. Quantum computing promises to improve many critical sectors (e.g., healthcare), and it will also compromise information security for individuals, businesses and governments if entities do not plan and prepare to transition from current encryption methods to quantum safe cryptography.
The Machine Identity Management Development Fund is actively investing in solutions that will smooth the transition to quantum safe cryptography. Crypto4A offers quantum-ready PKI and post-quantum ready HSM solutions, and ISARA provides quantum-safe and hybrid certificate support for Venafi customers. Visit the Venafi marketplace to learn more.