Security in the Time of Quantum – How to Mitigate Risks and Gain a Competitive Edge?
While technological developments around quantum computers will bring unimaginable new opportunities for societies and businesses, they will also hold the computing power to pose a threat to classical cryptography and security of critical data and communications. Preparing for the threat arising from the misuse of quantum technology is not a contingency plan, but a crucial requirement and a potential competitive edge.
How quantum computers will threaten cyber security – even before they fully exist
Quantum technologies are advancing at a fast pace and the quantum race is picking up as governments and companies around the world get closer and closer to quantum computers. If fallen in the hand of offenders, some of these early machines can potentially turn into a cryptographically relevant quantum computer (QRQC) - a device that’s capable of attacking real world cryptographic systems. Companies that handle valuable data need to start preparing for the next generation of cyberthreats arising from quantum computing by upgrading encryptions well before an effective quantum computer is up and running.
Once the technology exists, it is only a question of time for it to be widely available also to those willing to abuse it. Whether it is foreign governments, criminal enterprises, or rogue hackers attacking encryptions to access sensitive data, quantum computers will exponentially grow their firepower making cyberattacks faster and more efficient and leaving entire societies vulnerable if preparations are overlooked.
Quantum brings unforeseen opportunities to the industry
Research into different quantum-phenomena based technologies is continuously creating new innovations with revolutionary application potential for many industries. New technology areas, in addition to quantum cryptography, include for example:
- Quantum sensing and timing devices
- Quantum navigation
- Quantum imaging
- Quantum computing
- Quantum communications
Although research has advanced at varying paces for the different technology areas, it is safe to expect that a host of emerging quantum phenomena -based applications will be adopted in both civil and military contexts. However, one of the most pressing challenges in the industry is to quantum-proof technologies and systems that are already in use.
As we prepare for the arrival of quantum computers, we need to start by looking for new quantum-resistant solutions for technologies that we already use and depend on today.
Cryptography that is used in communications, certifications, and data protection today is all based on mathematical problems, that are nearly impossible to solve for classical computers, but will be easy to break with a quantum computer. So, as we prepare for the arrival of quantum computers, we need to start by looking for new quantum-resistant solutions for technologies that we already use and depend on today.
What is post-quantum cryptography (PQC)?
- The goal of post-quantum cryptography or quantum-resistant cryptography is to develop cryptographic systems that use classical non-quantum mechanisms, but which are secure against future quantum computers.
- The development of post-quantum cryptography aims to replace existing solutions that are vulnerable to quantum threats with new, quantum-resistant methods.
- Work to solicit, evaluate, and eventually standardize quantum-resistant public-key cryptographic algorithms is currently taking place around the world and the efforts are led by National Institute of Standards and Technology (NIST) in the United States.
- In Finland, VTT led a multi-year PQC-project that aimed at investigating the possibilities, limitations, and uses of existing quantum-safe methods and to develop completely new ones.
No time to spare – new encryptions can be needed sooner than we think
There is no clear timeline for when the first cryptographically relevant quantum computer will be in use. However, the development in recent years has been fast. According to the U.S. Department of Homeland Security, cryptographical relevance will not be achieved before 2030, but what happens after that is unsure. Especially the fast development of error correction indicates that being prepared by 2030 is a wise choice. An exponential increase in computing power will pose a risk to many industries from defence to healthcare and from critical infrastructures to autonomous systems.
“Data that is protected by classical cryptography can be stolen, stored, and used later, once quantum computers become capable of breaking through the cryptography. Because of this scenario we need to start working on quantum-safe cryptography now to minimise the chance of a potential risks,” explains Visa Vallivaara, senior scientist at the applied cryptography team at VTT and former guest researcher in the post-quantum cryptography standardisation team at the National Institute of Standards and Technology (NIST).
Those who start preparing early will avoid a situation where upgrades need to be done in a rush or once information may have already been compromised.
How to mitigate the risks related to inappropriate use of quantum computers? From abstract threat to concrete measures
Mitigating risks early is important as the potential consequences of compromised information can have long-term implications for national security. More complex the systems, more planning is needed to allow for seamless and secure upgrades.
“The most urgent priority for companies is to explore what the emergence of quantum computing means to them, their operations, and their data. Those who start preparing early will avoid a situation where upgrades need to be done in a rush or once information may have already been compromised,” Vallivaara says.
Every organisation that uses and stores sensitive data should start working on a preparation plan that consists of quantum risk assessment and mapping of critical data. This includes:
- exploring which encryptions need to be upgraded
- which algorithms to use
- what hybrid solutions are available
Once this understanding exists, it is possible to start planning how to safely implement changes and upgrades. Preparing for the threat driven by misuse of quantum computing is not only a contingency plan, but a potential competitive edge. This is particularly relevant for military systems, which often have long life cycles meaning that many currently existing systems and devices are likely to be around to witness the arrival of the quantum era.
Preparing for the threat driven by misuse of quantum computing is not only a contingency plan, but a potential competitive edge.
“Being able to tell your customer or partner that you can safeguard their data against quantum threats can set you apart from the competition. It will likely be rather sooner than later when governments and organisations will start demanding quantum-safe encryptions,” Vallivaara estimates.
Time to start preparing for post-quantum computing era – we have the expertise your company needs
VTT built Finland’s first quantum computers together with leading industry partners, but we also have decades of experience in technologies that come together to respond to the challenges arising from the misuse of quantum technology.
We have decades of experience in technologies that come together to prepare for the threat arising from the misuse of quantum technology:
- cybersecurity
- quantum components and subsystems
- communications technologies
- measuring and evaluation
With decades of expertise, we have the industry understanding to be a strategically relevant partner in analysing and tackling emerging security threats specific to industries like banking, healthcare and defence. We specialise in real-world applications – those that create solutions and value to companies already in the short- and medium-term.
We specialize in real-world applications – those that create solutions and value to companies already in the short- and medium-term.
Now we bring our range of expertise together to guide organisations through the challenges of data protection and post-quantum cryptography. We have the relevant facilities and procedures for the handling of classified information. We work with our customers and partners to find the most effective and secure options and to work through evaluation and implementation.
Want to learn more about the challenges the quantum revolution poses to cryptography and how you should prepare? Read our blog on the 7 steps to quantum secure cryptography.