The power of Quantum Physics
CW TEC Guest Blog
There are billions of connected computers and mobile devices around the world, all (we hope) following the same classical computing principles and relying on similar security to protect our information. But computers that embrace the power of quantum physics are closer than you might think, making the leap from theory to reality at universities and in the research labs of Google, Microsoft, and IBM.
On July 7, Google announced that it is publicly experimenting with its own version of quantum resistant algorithms in a beta version of Chrome (Canary). While most people have trouble wrapping their heads around how a computer designed to exploit the laws of quantum physics will work, there is no denying that quantum computers will change how we perceive digital security in significant ways. Google’s decision to begin publicly testing algorithms reflects that, for the digital products and solutions we use every day, there will be easily understood impacts that result in practical and far-reaching concerns.
In the hands of attackers, a quantum computer will access systems that have defenses in place and do unprecedented damage. Here’s a small sample of the many online transactions, now commonplace, which are at risk:
- Commerce and electronic banking
- Institutional financial transfers
- Corporate and government VPN networks
- Cars with embedded systems
- Personal Identity information
It is already possible for an attacker to intercept and store protected data with the intention of later using a quantum computer to decrypt it. The Information and Communication Technology (ICT) industry needs quantum resistant security solutions for conventional computers today. Without them, all data protected by accepted security standards alone is vulnerable.
While some parties still believe a practical quantum computer is a distant eventuality, there are those of us who see rapid technological and research advances bringing the timeline to a decade or less. Our experience has shown that the time required to solve complex technology problems will almost always compress.
The type of practical exercise Google is undertaking is essential because commercial quantum-resistant solutions need to be available within 5 to 7 years to allow organizations to budget for, plan, and test infrastructure upgrades. ICT vendors need to have the fundamental building blocks (new cryptographic primitives) and modules available to them within 3 to 5 years so that they can incorporate quantum-safe measures into their products and get them to market.
The good news is that there is cutting edge research already happening to develop practical cryptographic systems that have never been used before. But with a strong chance that the years to a quantum computer (the ‘Y2Q’ timeline) is under a decade, there needs to be an even greater emphasis on quantum risk management, starting in governments and large organizations.
Those responsible for sensitive data that needs protection now should be assessing how to upgrade their systems with efficient, quantum resistant solutions. Ideally, solutions will be well vetted for integration into a variety of existing products, protocols and cryptosystems to protect information against emerging quantum threats.
At ISARA, our philosophy is that there should be no PhD required to understand the real security risks posed by quantum computers, and definitely no PhD required to become quantum safe! People rely on and place trust in technology they don’t understand, and that trust should not be betrayed. As increasingly complex technologies become common, we typically adapt to them, find new ways to integrate them into our lives, and invent new ways to protect their information in a digital world, usually after compromises have already happened.
This time, we have the opportunity to use our understanding of the security risks of quantum computing to protect our information before it’s too late. We all need to play whatever part we can in the push for new, practical solutions that prepare us for the quantum age.
About ISARA Corporation
ISARA is a security solutions company that offers solution providers quantum computer-resistant products to make vulnerable hardware and software compliant with quantum safe standards through low cost upgrades. ISARA is part of a global collaborative effort to raise awareness of the potential for quantum threats, and design and implement quantum resistant solutions that will work globally.
Michael Brown, CTO will be speaking at CW TEC on 14th September ‘The end of cryptography as we know it” – to register your place head to our website