
Quantum Computing Real Risk Now
Quantum's Double Edge: Revolutionising Tomorrow, Endangering Today
The dawn of quantum computation promises a new epoch for technological advancement, yet it simultaneously casts a long shadow over the security of our current digital world. This powerful new form of computation, operating on principles that defy classical intuition, holds the potential to solve problems currently intractable for even the most powerful supercomputers. However, this same capability renders the cryptographic foundations of our interconnected society alarmingly vulnerable. The United Kingdom, a significant player in quantum research and development, stands at a crucial juncture, needing to navigate both the immense opportunities and the profound risks this technology presents.
Echoes of Y2K: A Familiar, Yet More Complex, Dread
Roughly a quarter of a century ago, software developers worldwide engaged in a frantic race against time. They worked to resolve the year 2000 computer problem, a software flaw that ignited widespread apprehension. Concerns mounted that this glitch could trigger catastrophic failures in global banking systems and even cause aeroplanes to malfunction and fall. Much to the relief of everyone involved, the actual repercussions of the Y2K software issue proved to be surprisingly minimal when the new millennium arrived.
Today, a different kind of digital Sword of Damocles hangs over global infrastructure. This time, however, the threat is more insidious. Its arrival is not tied to a predictable date, and the extensive presence of contemporary digital tools means rectifying the issue is considerably more complex. The core of this new anxiety lies with the advent of quantum computation. These machines, once theoretical, are steadily moving towards practical reality, and with them comes the ability to shatter the encryption safeguarding our hyper-connected lives.
Beyond Binary: The Strange World of Qubits
Classical computers, the workhorses of our current digital age, process information using bits. A bit represents either a zero or a one, an "off" or an "on" state. Quantum computation, in stark contrast, employs "qubits". Unlike a classical bit, a qubit leverages the quantum mechanical principle of superposition. This allows it to represent zero, one, or a combination of both simultaneously. This fundamental difference grants quantum computers an extraordinary advantage for certain types of calculations.
Nishanth Sastry, a professor and the computer science research director at the University of Surrey, explains that the immense power of quantum processing stems from its capacity to perform numerous calculations concurrently. This inherent parallelism makes quantum computers vastly more efficient and potent than their classical counterparts for specific tasks. This opens doors to tackling challenges previously considered insurmountable.
The Promise: Solving the Unsolvable
The unique capabilities of quantum computers present the tantalising prospect of breakthroughs in numerous fields. Medical research could see an acceleration in drug discovery and the development of personalised medicine through the complex molecular simulations these advanced computers can handle. Materials science could benefit from the ability to design and discover novel materials with specific properties by understanding their quantum structures. Furthermore, quantum machines excel at solving especially intricate mathematical problems, a capability that, while beneficial in many areas, also forms the heart of the impending security crisis.
Encryption's Downfall: The Quantum Threat
The very mathematical puzzles that quantum machines can solve with relative ease are the bedrock of many current cryptographic methods. These algorithms, such as the widely used RSA (Rivest-Shamir-Adleman) and Elliptic Curve Cryptography (ECC), protect a wide range of applications, from digital transactions and online commerce to secure communications and sensitive government data. Today's most powerful conventional computers would require eons to defeat contemporary cryptographic methods like RSA. A quantum machine with adequate strength, however, could theoretically accomplish this task within mere moments.
Jon France, who serves as the principal information security official with ISC2, a not-for-profit cybersecurity entity, warns that any data protected by current vulnerable encryption methods will become an open target for those possessing quantum-capable machines. This has profound implications for reliability, secrecy, and personal discretion throughout all digital networks. The very systems designed to ensure our online security are threatened by this new computational paradigm.
Shor's Algorithm: The Encryption Breaker
A key threat to current public-key cryptography comes from an algorithm devised by Peter Shor in 1994. Shor's algorithm, when run on a sufficiently powerful quantum computer, can efficiently find the prime factors of large numbers. The security of RSA, for example, relies on the classical difficulty of this exact problem. While other quantum algorithms like Grover's offer speed-ups for different problems, Shor's algorithm directly targets the mathematical foundations of the systems that protect much of the world's digital information.
Global Digital Foundations at Severe Risk
The widespread use of strong encryption in modern life cannot be overstated. Every secure online transaction, every confidential email, and vast swathes of stored sensitive data rely on these cryptographic methods. The prospect of these protections becoming easily breakable means that financial systems, healthcare records, intelligence vital to national defense, and personal communications could all be exposed. The fundamental trust that underpins the digital economy and online interactions faces an unprecedented challenge. This threat extends globally, impacting every nation and every individual reliant on secure digital infrastructure.
The "Harvest Now, Decrypt Later" Menace
Even though cryptographically relevant quantum computers (CRQCs) able to defeat current strong encryption are still believed to be some considerable time from realisation, a significant threat exists today. Adversaries, including state-sponsored actors and sophisticated criminal organisations, can actively collect and store encrypted data now. Their strategy is to stockpile this information with the intention of decrypting it once they gain access to sufficiently powerful quantum computers in the future. This "harvest now, decrypt later" tactic means that data considered secure today could be compromised tomorrow.
Long-Term Sensitive Data: A Ticking Clock
The "harvest now, decrypt later" strategy poses a particularly severe risk for information that needs to remain confidential for extended periods. Greg Wetmore, a vice president overseeing software creation for Entrust, the security company, advises technology leaders to assess what data within their organisation will still hold significance over the next ten years or longer. This category includes secrets vital to national security, long-term strategic business plans, sensitive personal data (like genetic information or health records), and valuable intellectual property such as trade secrets, proprietary formulas, or complex industrial designs. The compromise of such information could have devastating and long-lasting consequences.
The Quantum Development Race: Progress and Projections
The journey towards fault-tolerant quantum computers is accelerating, with significant investments and breakthroughs occurring globally. Companies like Google, IBM, Microsoft, and Quantinuum, alongside numerous startups and university research groups, are pushing the boundaries of quantum hardware and software. Progress continues to be announced by these major players and others in the field, steadily advancing the capabilities of quantum processors.
Estimates regarding the quantity of qubits needed to overcome existing security protocols vary. Some experts suggest around ten thousand stable logic units; however, different experts believe millions of current, more error-prone physical qubits might be necessary. While today’s systems feature hundreds, or in some cases, just over a thousand physical quantum bits, the pace of innovation is rapid. Projections on when a CRQC will emerge differ, with some optimistic forecasts suggesting potential threats to current encryption in the coming decade, while more conservative estimates place this further into the future.
Geopolitical Dimensions: A New Frontier of Competition
The development of quantum processing has profound geopolitical implications, emerging as a new arena for great-power competition. Nations view quantum capabilities as strategic assets crucial for future economic strength, military superiority, and technological sovereignty. Leadership in quantum science can significantly elevate a nation's global standing. Consequently, governments worldwide are investing billions, with China, the US, the EU, and the UK among the leading nations. The UK government, through its National Quantum Strategy, has committed significant funding to bolster its quantum sector, aiming to attract further private investment. This global race also carries risks of a "quantum divide," where nations lacking significant quantum programmes could fall further behind technologically and economically.
The UK's National Quantum Strategy: A Proactive Stance
The United Kingdom has recognised the strategic importance of quantum technologies for its future prosperity and security. The government launched the National Quantum Technologies Programme (NQTP) in 2014, investing over £1 billion during its initial decade to build research hubs and foster commercialisation. Building on this, the 2023 National Quantum Strategy outlines a 10-year vision, committing £2.5 billion to create a leading quantum-enabled economy. Key aims include developing accessible UK-based quantum computers and deploying advanced quantum networks. The strategy also focuses on integrating quantum sensing into areas like healthcare.
The Solution: Post-Quantum Cryptography (PQC)
Fortunately, the looming quantum threat has not gone unnoticed. Academic investigators and the global tech sector have been diligently developing new encryption standards resistant to attacks from both classical and quantum computers. This field is known as post-quantum cryptography (PQC). The National Institute of Standards and Technology in the USA (NIST) has been at the forefront of this effort, running a multi-year project to solicit, evaluate, and standardise PQC algorithms. NIST has already published finalised PQC standards, including CRYSTALS-Kyber for general encryption, and CRYSTALS-Dilithium and SPHINCS+ for digital signatures, with Falcon also chosen. Additional algorithms continue to be evaluated.
NCSC Guidance: A Roadmap for UK Transition
In the UK, the National Cyber Security Centre (NCSC), part of GCHQ, is actively guiding organisations through the transition to PQC. The NCSC has issued guidance urging organisations to prepare for this cryptographic shift to safeguard sensitive information. This guidance outlines a phased migration timeline, encouraging identification and planning in the initial stages, followed by the execution of high-priority upgrades, and ultimately the completion of the PQC transition for all systems. This proactive approach aims to ensure the UK's digital infrastructure remains secure against future quantum advancements.
The Mammoth Task of Upgrading
Transitioning to PQC represents a monumental upgrade task, impacting virtually all aspects of our current technology infrastructure. Jon France from ISC2 highlights the sheer scale, noting that billions of devices and applications employ asymmetric encryption, all of which will eventually need updating. This involves software updates, potential hardware replacements, extensive testing, and staff training. The costs can be significant, especially for organisations with extensive legacy systems that may not be easily compatible with the new, more computationally intensive PQC algorithms.
Challenges: Performance, Resources, and Awareness
PQC algorithms often come with larger key sizes and potentially higher computational demands compared to classical algorithms. For example, while RSA keys are typically 2048 to 4096 bits, some PQC alternatives might require significantly larger keys. This can impact performance, especially on resource-constrained devices like smartphones and Internet of Things (IoT) hardware. Another challenge is the general lack of awareness or a misplaced sense of urgency within some organisations, leading to delays in preparation. Building "crypto-agility"—the ability to efficiently manage and transition cryptographic assets—is crucial.
Impact on Internet of Things (IoT) Devices
The interconnected network of everyday objects presents a particularly thorny challenge for the PQC transition. Billions of IoT devices are already deployed, many with limited processing power, memory, and often no straightforward mechanism for software updates. These devices, found in smart homes, critical infrastructure, industrial control systems, and healthcare, often have long operational lifespans, sometimes exceeding a decade. Devices deployed today without quantum-resistant security could remain vulnerable when quantum computers become a reality. Securing the IoT supply chain against quantum threats is also a growing concern.
The Financial Sector: Preparing for Quantum Finance 4.0
The financial services industry stands to be significantly impacted by quantum computation, both positively and negatively. Quantum machines promise to revolutionise areas like portfolio optimisation, risk management, fraud detection, and algorithmic trading by processing vast datasets and complex calculations at unprecedented speeds. However, the sector's heavy reliance on data security makes it a prime target for quantum attacks on current encryption. Financial institutions are actively exploring PQC migration and investing in quantum research to harness its benefits while mitigating security risks. Global spending by financial services on advanced computation is projected to soar.
Healthcare: Quantum Leaps in Medicine, Quantum Risks for Data
Quantum computation holds immense promise for transforming healthcare through accelerated drug discovery, enhanced medical imaging, personalised medicine based on genetic analysis, and more accurate epidemiological modelling. Companies are already investing in quantum-powered research to find cures for complex diseases like cancer and Alzheimer's. However, the highly sensitive nature of patient data makes quantum security a critical concern. Ensuring that the revolutionary breakthroughs in healthcare are realised safely and securely necessitates a timely transition to quantum-resistant data protection measures. The UK's strategy includes ambitions for NHS Trusts to benefit from quantum sensing solutions.
Securing Space: Satellites in the Quantum Era
The quantum challenge extends even to assets in orbit. Professor Sastry notes that many modern satellite constellations, like Starlink, consist of numerous relatively simple satellites. These should be fairly uncomplicated to update, perhaps by taking individual units offline temporarily for software patches. The redundancy in such low Earth orbit (LEO) networks, where multiple satellites are often overhead, means service disruptions would likely be minimal.
More challenging are larger, more complex "remote observation" satellites. These encompass units employed for mapping, climate monitoring, or intelligence gathering. Such satellites carry significant onboard computing power and often incorporate secure computing modules. An update to the physical components for these sophisticated systems could effectively mean replacing the entire satellite. However, Professor Sastry suggests this is becoming less of an insurmountable problem due to the increasing frequency and decreasing cost of satellite launches, allowing for more regular technology refreshment cycles.
The Uncertainty of "Q-Day"
Unlike the Y2K software issue, which had a known, fixed deadline, there is no precise date for when current encryption will become obsolete – often referred to as "Q-Day." François Dupressoir, an academic from Bristol University specialising in cryptography, highlights this crucial difference. The extensive work undertaken globally to resolve the year 2000 computer problem before 1 January 2000 averted widespread chaos. With the quantum threat, the timeline is far less certain. This uncertainty makes planning more complex but underscores the need for proactive preparation. Mr Dupressoir aptly stated that with cryptographic methods, if an unauthorised party compromises your defences, you become aware only after they possess your information. The silent nature of data harvesting and future decryption capabilities makes early adoption of PQC a matter of prudent foresight.
Building Crypto-Agility: The Path Forward
Given the uncertainties and the scale of the PQC transition, organisations are encouraged to develop "crypto-agility." This involves creating an inventory of all cryptographic assets, understanding where and how encryption is used, identifying vulnerabilities, and establishing policies for managing and updating cryptographic systems efficiently. Automation will play a key role in this process. Greg Wetmore of Entrust emphasises that fostering this adaptability is the key to an orderly, rather than chaotic, transition. For many smaller businesses, updates will likely come from their software and service providers. Larger organisations, however, face a more significant undertaking requiring dedicated planning and investment.
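One way to turn such an inventory into a migration order, as an added example that is not from the article or from any vendor tool: each record is classified by algorithm family, and quantum-vulnerable encryption or key exchange protecting data that must stay secret for ten years or more is ranked first, since that data is exposed to "harvest now, decrypt later" today. The record fields, priority labels and sample assets are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Families named in the article; the variant spellings are assumptions of this sketch.
SHOR_VULNERABLE = ("RSA", "ECC", "ECDSA", "ECDH", "DH")
PQC = ("KYBER", "DILITHIUM", "SPHINCS+", "FALCON")
LONG_LIVED_YEARS = 10    # the ten-year horizon quoted earlier in the article
RANK = {"migrate-first": 0, "migrate": 1, "review": 2, "ok": 3}

@dataclass
class Asset:             # hypothetical inventory record
    name: str
    algorithm: str       # as recorded, e.g. "RSA-2048"
    purpose: str         # "encryption", "key-exchange" or "signature"
    secrecy_years: int   # how long the protected data must stay confidential

def family(algorithm):
    """Map a recorded algorithm string to a coarse family."""
    alg = algorithm.upper()
    if any(p in alg for p in PQC):
        return "pqc"
    tokens = re.split(r"[^A-Z0-9]+", alg)
    if any(t.startswith(v) for t in tokens for v in SHOR_VULNERABLE):
        return "shor-vulnerable"
    return "other"       # e.g. symmetric ciphers, outside the Shor argument

def priority(asset):
    fam = family(asset.algorithm)
    if fam == "pqc":
        return "ok"
    if fam == "other":
        return "review"
    # Recorded ciphertext can be decrypted later; a signature can only be
    # forged once a capable machine exists, so it is not exposed yet.
    confidential = asset.purpose in ("encryption", "key-exchange")
    if confidential and asset.secrecy_years >= LONG_LIVED_YEARS:
        return "migrate-first"
    return "migrate"

def triage(assets):
    """Return (priority, name) pairs, most urgent first."""
    ordered = sorted(assets, key=lambda a: (RANK[priority(a)], -a.secrecy_years))
    return [(priority(a), a.name) for a in ordered]

# Constructed sample inventory.
INVENTORY = [
    Asset("design-vault", "CRYSTALS-Kyber-768", "key-exchange", 15),
    Asset("firmware-signing", "ECDSA-P256", "signature", 0),
    Asset("backup-disk", "AES-256-GCM", "encryption", 10),
    Asset("patient-records-archive", "RSA-2048", "encryption", 30),
    Asset("vpn-gateway", "ECDH-P256", "key-exchange", 2),
]

if __name__ == "__main__":
    for level, name in triage(INVENTORY):
        print(f"{level:14} {name}")
```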
A Continuing Evolution: Research and Vigilance
The move to the first generation of PQC standards is a critical step, but it is not the final word. The field of quantum processing is still rapidly evolving, and cryptographic research is an ongoing process. New quantum algorithms or improvements to existing ones could emerge, potentially challenging current PQC solutions in the distant future. Therefore, continuous research, vigilance, and a commitment to updating security measures as the threat landscape evolves will be essential for maintaining long-term data security in the quantum age. The development of standards and best practices is an international effort, requiring collaboration between academia, industry, and governments.
The quantum revolution is undeniably on its way. It carries the potential for extraordinary advancements across almost every sector. However, to harness these benefits safely, the world must act decisively to modernise its cryptographic defences. The transition to post-quantum cryptography is not merely a technical upgrade; it is a fundamental necessity for preserving privacy, security, and trust in the digital systems that underpin modern society.