In the near future, quantum computing is set to revolutionise the way we work and live.
Governments worldwide have already invested millions in quantum computing due to its ability to outperform conventional computers and solve challenges that have so far been impossible.
However, a quantum threat looms. This threat refers to the potential risk that the advent of quantum computers poses to current cryptographic systems. The same ability to solve complex problems could potentially allow them to break commonly used encryption algorithms, threatening information security, encrypted data, and more.
So how can governments respond to the quantum threat? Innovation News Network spoke to Andersen Cheng, Founder of Post-Quantum, who discusses the challenges and developments in the quantum sector and how governments can respond to the looming quantum threat.
How do quantum computers differ from conventional computers?
Quantum and classical computers are built differently and operate according to different rules. Classical computers operate according to binaries, 1s and 0s, which is akin to a light switch that is either on or off.
Quantum computers, on the other hand, use ‘qubits’ or quantum-bits (Q-bits), and these can be both zero and one or on and off concurrently. Because qubits can be in multiple states, quantum computers can optimise a process or a calculation. For instance, if a classical computer tries to find a way through a maze, it will explore every path in sequence until it solves it. A quantum computer could parse every route simultaneously and find the correct path nearly instantaneously.
As a result, quantum computing is seen by many to be a generational technological revolution that shifts our power to process data and solve problems that are unthinkable with classical machines. From being able to react faster to market volatility in financial services, to being more efficient in the discovery of pharmaceutical cures or new materials, applying emerging quantum technology to challenges across various industries and sectors is viewed by many to be hugely beneficial.
However, many people overlook the fact that quantum computers are actually inferior to classical computers in most areas – classical machines will continue to be used for the majority of tasks we undertake today.
That being said, quantum computers are vastly superior in some areas, including when performing analysis on small amounts of data – precisely the quality needed to break encryption and ‘melt’ our existing security infrastructure.
Can you outline some of the recent developments in quantum computing?
Quantum computing is an incredibly well-funded and researched technology, which means that there are always developments and milestones being reported. The first major one that grabbed the headlines was in 2019 when Google claimed ‘quantum supremacy’ when its Sycamore model could supposedly outperform a supercomputer. This claim has been debated across the community since, but it was still an important milestone that thrust the technology into the mainstream news cycle.
Since then, we continually see new milestones being announced. Just this year alone, we’ve seen scientists at Quantinuum say they are now a step closer to making quantum computing fault tolerant. Further, IBM published a paper in Nature that describes a breakthrough in quantum computing wherein they solved a complex problem that leading supercomputing approximation methods could not handle.
At this stage, the community looking to develop a functioning machine is focusing on ways to stabilise the necessary components of quantum computers, which are incredibly fragile. This is because qubits are subatomic particles that are affected by heat, vibration, magnetic fields and cosmic rays, which means quantum computers must be kept in a very controlled environment to minimise and correct any errors. These errors currently limit the ability to observe and test these computers, so researchers are constantly developing ways to stabilise the environment.
How do these developments pose a quantum threat?
While efforts to build a functioning machine gather pace, the quantum threat is getting closer by the day. As mentioned, while classical computers will still be more practical and useful across some areas, one of the aspects where quantum machines are vastly superior is performing huge analyses on small amounts of data – precisely the quality needed to break encryption and ‘melt’ our existing security infrastructure.
In other words, quantum computers will be able to break the existing public-key algorithms that have served to protect the digital world since the late 1970s. Everything from online banking to critical national infrastructure, to anything else that uses public-key cryptography (PKC), will be immediately at risk and left exposed to anyone with a functioning quantum machine.
However, even before this day arrives – which could be in five, ten, or 20 years – the quantum threat is already with us today in the form of ‘Harvest Now, Decrypt Later’. Put simply, this refers to the collection of encrypted data with the intention of cracking it when a functioning quantum machine emerges.
I was one of the first in the world to highlight this could already be happening, such as in instances where we see internet traffic re-routed on unusual global paths for no apparent reason before returning to normal. Top security agencies such as GCHQ, MI6, NSA, and BSI have since gone public, highlighting such a threat.
What projects are being carried out to overcome this?
Recognition of this threat only entered the mainstream three or four years ago, and with the quantum threat of HNDL already on our doorstep, it’s an inescapable fact that the world is already playing catch-up.
However, there have been a number of positive steps in recent years, beginning with the foundation laid by the National Institute of Standards and Technology (NIST), which in 2016 announced it was developing and selecting new algorithms that can withstand the quantum threat. These algorithms that form NIST’s final standard will effectively protect all future data flowing over the internet, and in 2022 four algorithms were selected, kickstarting the migration process for many and pushing governments into action.
Other organisations have also played a vital role in laying the groundwork for post-quantum migration efforts. The Internet Engineering Task Force (IETF), which is responsible for setting security standards across the Internet, is another good example.
Driven by our team at Post-Quantum, IETF has created a new VPN standard that helps specify how VPNs can exchange communications securely in the quantum age. The novel approach prioritises interoperability by making it possible for multiple post-quantum and classical encryption algorithms to be incorporated into VPNs. Combining both old and new encryption is essential to ensure no disruption to the functioning of existing IT systems, and to protect data from attack by both classical and quantum computers.
How should the government respond to the quantum threat?
While it’s clear that organisations like IETF and NIST have been the first to set the foundation, it’s been encouraging to see governments also wake up to the threat in recent years.
Despite a slow start, the US has now firmly taken the lead following a series of orders and legislation from the Biden government. This includes the Quantum Computing Cybersecurity Preparedness Act, which was passed in 2022 and details the migration to secure government information with post-quantum cryptography. More recently, in 2023, the US National Cybersecurity Strategy has outlined a roadmap to replace all vulnerable hardware, software, and applications that could be compromised.
Other parts of the world are, in comparison, slightly lagging behind in their preparedness, Europe being one. Although Europe has a strong history of innovation when it comes to quantum computing and the quantum threat, at a policy-making level it has struggled to find momentum and determine a unified approach.
Today, without an agreed approach or standardised algorithms/protocols determined by the European Union (EU), member states have been left to forge their own path, resulting in an asymmetry in the investment and development of quantum-proof infrastructures. For instance, since 2010, Germany and France have invested over $5bn in quantum computing, while the rest of Europe combined has invested $1.2bn. These efforts are dwarfed in comparison to China. Whilst no one can verify how much China is spending on quantum innovations, it is believed to be in excess of $15bn based on a number of sources.
It is inevitable that we now live in a multilateral world where no one nation-state can force everyone else to follow suit. In order to have a viable and robust quantum migration, interoperability and backward compatibility are the most important considerations to counter this existential risk.