At Netprofile, we are deeply entrenched in technology-related marketing communications. To stay ahead, we occasionally delve into the latest phenomena, even beyond client tasks. Recently, I had the opportunity to explore why we will soon need quantum cryptography. Read on to take a step towards the quantum era!
Together with my clients, I have produced a staggering amount of cybersecurity-related content, ranging from articles and blogs to extensive guides and reports. The topic has always been a favorite for my nerdy soul. Hence, I carved out some calendar time for a deep dive into the exciting world of quantum cryptography and attended the Finnish National Cybersecurity Center's seminar.
The top experts on stage explained the connection between quantum computers and encryption algorithms in an easy-to-understand manner. They made it clear that every company must start preparing for the advent of quantum computers, not only for business benefits but also for cybersecurity.
In the coming years, quantum computers – powered by qubits – will bring tremendous new opportunities to nearly every industry and to scientific research. The so-called "quantum advantage" is estimated to be reached no earlier than ten years from now. It means a historic moment when a quantum computer outperforms the best conventional supercomputer.
Theoretically, at the same moment the quantum advantage is achieved, all currently used internet encryption technologies will crumble.
The quantum threat emerged as early as 1994, when mathematician Peter Shor published the quantum algorithm bearing his name. Astonishingly, this happened at a time when quantum computers were mere fantasy!
With Shor's algorithm, a quantum computer can rapidly solve extremely complex mathematical problems, such as those that current asymmetric-key encryption algorithms rely on. For a conventional computer, such a computational task is practically impossible.
Oddly enough, Shor's algorithm has served as both a wake-up call about the threat and an inspiration for the construction of quantum computers. Among those inspired is the Finnish company IQM Quantum Computers, a leading quantum computer manufacturer. At the seminar, the company's security and defense director, Jouni Flyktman, said that it is still uncertain what level of performance a quantum computer will need to break encryption successfully.
The average estimate is 20 million physical qubits, operating almost flawlessly. If the projected pace of quantum computer development persists, the critical threshold could be reached in as little as 12 years. The timeline will become more precise in the next few years.
I was particularly eager to hear what Matthew Scholl, Chief of the Computer Security Division of the renowned US National Institute of Standards and Technology (NIST), had to say. Initially, he mentioned that, for now, we can confidently transmit confidential information over networks, even if we can't trust the cables throughout the journey. We can securely share information with business partners, use online banking, shop online, browse personal health records, or send anything digital to loved ones.
"So why should we care about the quantum threat now when it is not yet upon us? If I were a cybercriminal, I would already be storing encrypted web traffic of interesting targets and waiting for the day when I can decrypt them."
So, real-life quantum thieves are a bit different from those in the gripping novel by Hannu Rajaniemi. They are unlikely to be among the first to get their hands on sufficiently advanced quantum computers, but eventually, they certainly will. At that point, it will be too late to ponder how to ensure data security if the encryption's "best before" date is in the past.
The conclusion is that quantum computing will also revolutionize cybersecurity. Scholl urged us to start learning, analyze threats, and choose which currently confidential data must remain confidential for years to come.
Top expert Suvi Lampila from cybersecurity firm SSH Communications Security debunked dangerous misconceptions. For instance, many believe quantum-resistant encryption is only needed for quantum computers. This is not the case; on the contrary, it is needed for all regular computers and communications.
Will we be at the mercy of qubits? No, thankfully, as cyber experts are currently working on new encryption technology. It is misleadingly named "post-quantum cryptography" (PQC).
NIST initiated development back in 2016 by launching a broad PQC algorithm competition. Nearly a hundred proposals were submitted. In the elimination rounds, algorithms were rigorously tested, and a handful of finalists were selected in 2022. Now, they have been through acid tests, and the results look promising.
In April, NIST will host a workshop. If all goes as expected, as many as three new quantum-resistant encryption algorithm standards will be released in summer 2024.
Will CRYSTALS-Dilithium or BIKE emerge as the favorite among quantum-resistant algorithms?
However, standards alone are not enough. They must be swiftly adopted on a large scale, which is why NIST began assembling a broad consortium in 2021 to prepare the world for the transition to quantum-secure encryption. Key companies have been invited to join, including SSH. Finland has also established a similar national organization, PQC Finland.
Encryption algorithms may seem distant from our daily lives. Yet they are close to us everywhere. They operate unnoticed in smartphones, computers, browsers, Wi-Fi access points, fixed modems, mobile networks, applications, cloud services, and every corner of the internet worldwide. When new encryption resilient to Shor's algorithm appears in all these areas, we can declare: Welcome to the quantum era!
Do you want to learn what kind of digital security content for decision-makers and experts Netprofile can produce for your business? Contact us, and we'll be happy to tell you more!