Countdown to Q-Day

The next generation of quantum computers is set to unlock a panoply of new opportunities, but simultaneously pose enormous risks to the security of data, systems and critical infrastructure. Up to now, encrypting data in a way that prevents third parties such as hackers, advertisers and government bodies from viewing it via the use of a virtual private network (VPN) has been the standard and accepted way of securing and protecting digital assets. Yet while the most robust VPNs remain the most reliable cybersecurity tools available today, in the future most, if not all of them, may be rendered obsolete. That’s because eventually quantum computers will be advanced enough to break the majority of encryption algorithms that are today being used to protect a lot of the world’s online data.

Cryptographers call it Q-Day and for many, it represents a seismic event—from this point onwards, a quantum computer will be able to crack public encryption systems. The encryption schemes that are most vulnerable to quantum attacks are those that rely on large prime numbers; crucially, it is these encryption schemes that underpin almost all digital communication systems. Naturally, Q-Day will have serious implications for businesses and people worldwide—internet companies, financial institutions and governments, as well as for an individual’s personal privacy. For this reason, politicians and technology leaders alike need to assess the risks of this future scenario and plan how to transition to quantum-resistant cryptography while at the same time overcoming its associated complexities.

Related:Quantum Tokens Delivered Over Fiber Optics in World First

To guarantee the smooth and ultimately successful migration to quantum-resistant methods, the starting point should be to define essential post-quantum cryptography standards. Such standards will be the initial step in terms of securing data and the first line of defense against adversaries and their newly acquired abilities to break the mathematical foundations of current encryption methods.

Preparing for an Uncertain Future

The point at which quantum computers will be able to break the encryption used to protect the world’s most sensitive data remains unknown, though some experts predict it is likely to happen in the next five years. Even in the face of this uncertainty, organizations and governments globally need to take pre-emptive steps to protect their data from the impending threat of quantum-powered attacks.

This urgency is particularly acute given that “harvest now, decrypt later” (HNDL) attacks are already happening today, so the concept that “encrypted data is safe” can no longer be relied upon. Fundamentally, many organizations, businesses and governments will be negatively impacted if they fail to prepare for post-quantum cryptography risks. Adversaries and bad actors—sponsored by nation-states or criminal enterprises—will be able to access and unencrypt critical data, so data that has a lifespan beyond three years from now is at risk. If a person with nefarious intent takes a copy of existing encrypted communications data—anything over the public internet, for instance—all that it will take to expose that data a few years from now is a quantum computer. Only by securing it today will it be possible to keep it private in the future.

Related:Toshiba Backs Singapore’s Quantum-Safe Goals

New Standards for a New Era

Given that many classical cryptographic systems are susceptible to quantum-enabled decryption, a new approach is required to secure sensitive data, access and communications. For this reason, cryptographers have been anticipating the arrival of quantum computers by developing new cryptographic algorithms that can credibly defend against attackers equipped with quantum computers and can also be run on classical systems.

One particularly well-known quantum algorithm developed in the 1990s, the eponymously titled “Shor’s algorithm”, proved that sufficiently powerful future quantum computers would be able to find the prime factors of integers much more easily than classical computers. It was the first algorithm ever developed for quantum computers, foreshadowing the weaknesses of established algorithms in a quantum future.

Today, newly standardized algorithms replace the classical systems by focusing on problems that are equally difficult for both classical and quantum computers to solve. The drive to develop new standards specifically aimed at addressing the critical need to secure digital infrastructure before quantum computing makes these attacks feasible is underway and gathering momentum. They are expected to be widely adopted in security protocols and applications in the near future.

Quantum Key Distribution: The Future of Quantum Secure Networks

In addition to the development of new cryptographic algorithms, researchers are also exploring the use of quantum key distribution (QKD) as a viable avenue to secure global communication infrastructures.

QKD is a pioneering way of securing communication that exploits the underlying principles of quantum mechanics to encode, transmit and decode messages. Simply put, it is a way to share cryptographic keys between two parties in order to protect that data and keep it inviolably secure. In practice, QKD makes it possible to send information using quantum bits that only the sender and receiver can read. All confidential information that is encrypted using this secure key will have an unparalleled level of protection, even against potential future quantum computer attacks.

Important progress has been made in the deployment of QKD-enabled communication infrastructures, with several of these types of networks under construction across the world. For example, the London Quantum Secure Network effectively delivers security key payloads to customer sites—all made possible through QKD. This foundational use case deftly highlights how quantum technology can be applied to exchange a secret that is then used to encrypt data communication between two parties. So far it is helping early customers make tentative steps towards achieving quantum secure data transmission between various sites across a wide geographic area.

To help facilitate and sustain this current growth in quantum communications there is a pressing need to develop industrial standards to help this nascent technology to succeed. This is why ETSI’s Industry Specification Group (ISG) on QKD is leading activities to help accomplish this ambition by developing common interfaces and specifications for the quantum communications industry that will stimulate markets for components, systems and applications.

In addition, ETSI’s TC CYBER working group on quantum-safe cryptography (QSC) looks at developing recommendations on the various proposals from industry and academia regarding real-world deployments of QSC and the development of a framework for quantum-safe algorithms. Such efforts aim to ensure that cryptographic systems remain inviolable in the post-quantum era.

Standards: The First Milestone on the Path to a Quantum-Resistant Future

As quantum computing capabilities continue to advance, governments, businesses and organizations across Europe and the rest of the world should think carefully about how they prepare for Q-Day, today. In the time-sensitive race against bad actors with quantum capabilities, the transition to a quantum-resistant future has multiple stages, with the development of standards being a foundational step. Only by standardizing post-quantum cryptographic algorithms and regulatory mandates will it be possible to ultimately move away from classic encryption and instead embrace post-quantum cryptography to address emerging quantum threats.