Quantum leaps - and bounds

Quantum computers will soon smash through the mathematical cryptography we rely on as a society, it is forecast. How do we keep ourselves safe then?

The time to prepare for a safe quantum computing future is now, argues Chris Erven, CEO, KETS Quantum Security. Why? "For the simple fact that, in today's world, we don't go 30 seconds without touching digital technology of some kind, all of which is networked, none of which is quantum-safe. We know that quantum computers will be experts at breaking the security of our current digital infrastructure. We need to upgrade this to be quantum-safe now."

He points to the 'Mosca equation' (posited by Michele Mosca of the Institute for Quantum Computing) to summarise when we need to worry about upgrading our cyber security.

This equation is given by:

x + y > z

where:

  • x = the security lifetime of our data
  • y = the time required to upgrade to quantum-safe systems
  • z = the time to build a quantum computer.

"If it is going to take 10 years to upgrade and you want, for example, your online medical records to be secure minimally for 15 years - meanwhile a quantum computer is built in the next 5-10 years - then it is already too late! Best case, your sensitive data will effectively be unencrypted and in the clear for 20 years. And this 'store now, crack later' attack has been going on for years."

Soon, he says, we will be living in a world where most of our current forms of cryptography will be useless, because investment and developments in quantum computing are only accelerating. "What is more, we likely won't know when this happens, because a quantum computer capable of doing this represents such a huge advantage, those who own it will keep it secret."

The good news, though, is that we are not defenceless. "Computer scientists, physicists, and engineers have been working hard on new quantum-safe methods." Two of the biggest tools he identifies for the new quantum-safe toolbox are:

  • post-quantum cryptography (PQC) algorithms - new algorithms conjectured to be immune to a quantum computer's processing capabilities
  • and quantum cryptography (QC) - new quantum hardware that has been proven to be immune to a quantum computer.

What difference will this make to computing security? "Well, we will have to upgrade," he points out. "Think the Y2K bug, but less hype and more well-reasoned concern. And this upgrade will need to occur both at the software and hardware level."

Dave Bestwick, Arqit: not all forms of encryption will be obliterated. Symmetric encryption keys are not susceptible to quantum attack.

What can be done to ward off this apocalyptic scenario? "At the highest level, we need our telecommunications infrastructure to be upgraded. This is behind the EuroQCI Initiative, which aims to build a secure quantum communications infrastructure that spans the EU. Similar initiatives exist now in the US, UK, China, South Korea and Japan."

FIRST ACTIONS TO BE TAKEN
At the organisation level, the first things that need to be done are:

  • Recognise the problem
  • Put resource behind it
  • Perform a quantum-safe health check
  • And develop your organisation's quantum readiness roadmap.

Lastly, get involved in early innovation projects, he advises. "These new methods are different. PQC algorithms generally require more memory or are slower, while QC methods involve new hardware - these will have implications for your organisation. The best way to figure out the implications is to start experimenting with these new tools. Conveniently, this is the number one aim of the testbeds being built - to engage with end-users!"

Nor do you need a huge team of scientists, is Erven's reassuring message. "A small team is more than enough to partner with the cutting-edge start-ups and SMEs pioneering quantum-safe solutions. Together, we can ward off the digital security apocalypse and continue to thrive as a civilisation, using a quantum-safe version of the secure, connected, information infrastructure that has contributed so much to humanity's rapid developments of the last 35 years."

BLOODHOUNDS ON THE TRAIL
According to Roger Grimes, data driven defence evangelist at KnowBe4: "Your competitors or nation states could be sniffing your currently protected network traffic, waiting for the day a few years from now when they can use quantum computers to crack your existing encryption. As we have seen, various nation states have no problem attacking every commercial company possible, if it contains intellectual property of interest or even simply to steal money."

Chris Erven, KETS Quantum Security: we will soon be living in a world where most current forms of cryptography will be useless.

It is going to take any organisation many years to fully prepare for the necessary post-quantum transition. "So, even if you started now, it would be years before your data was protected. And any organisation that either has sufficiently capable quantum computers now or in the near future, that wants your confidential data, could have an incentive to sniff your data now… or during the years of preparation you will require to get to post-quantum protections."

Grimes' advice? "Every organisation should begin immediately taking a data protection inventory. It starts by identifying all confidential data and the systems and cryptography that protect it. That means recording encryption, digital signatures and hashing algorithms used to encrypt, sign and verify content, along with key lengths. This sort of inventory should have already been done, but almost no one has done it.

"Creating it and maintaining it will be useful and valuable for the post-quantum migration and any other crypto migration afterward. The hardest part is the original data collection. Maintaining it is not nearly as hard. But that original data collection is likely to take many months, if not years, for most organisations. And, regardless of the quantum issue, simply understanding your cryptography state will lead to better crypto-agility and that will pay huge benefits forevermore. But you need to get going now. Data protection inventory and agility is not easy, and it takes a long time. So, get started now. Post quantum is your first valid reason."

From the data protection inventory, what happens next? "You then determine what data needs to be protected more than a few years, which is not protected with quantum-resistant cryptography," Grimes advises. "In some cases, like with symmetric encryption and hashes, it might mean simply increasing key lengths. And in others, like with asymmetric encryption, key exchanging and digital signing, it will mean replacing it with a quantum-resistant solution.

"Those solutions include post-quantum encryption, physical isolation, quantum key distribution and other quantum devices, like quantum random number generators. There is a coming Y2K-like problem… and really it is already here and people do not realise it."
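The following is an added example, not code from the article or any of the companies quoted, tying Erven's Mosca equation to Grimes' data protection inventory: each inventory row is checked against x + y > z and then routed by algorithm family (asymmetric schemes are replaced; symmetric keys and digests are lengthened). The inventory rows and the priority thresholds are constructed for illustration and are not a recommendation from the page.

```python
from dataclasses import dataclass

ASYMMETRIC = {"RSA", "ECDSA", "ECDH", "DH", "DSA"}   # broken outright by Shor's algorithm
SYMMETRIC = {"AES", "ChaCha20"}                      # only weakened by Grover's algorithm
HASHES = {"SHA-1", "SHA-256", "SHA-384", "SHA-512"}  # likewise weakened, not broken
RANK = {"high": 0, "medium": 1, "low": 2, "unknown": 3}

@dataclass
class Asset:
    name: str
    algorithm: str
    bits: int              # key length, or digest length for hashes
    lifetime_years: float  # x in Mosca's equation: how long the data must stay secret

def mosca_at_risk(x, y, z):
    """Mosca's inequality: x + y > z means the data outlives its protection."""
    return x + y > z

def exposure_years(x, y, z):
    """Years the data sits readable before it is protected (Erven: 15 + 10 - 5 = 20)."""
    return max(0, x + y - z)

def triage(asset, migration_years, quantum_eta_years):
    """Map one inventory row to (priority, action). Thresholds are example policy only."""
    at_risk = mosca_at_risk(asset.lifetime_years, migration_years, quantum_eta_years)
    if asset.algorithm in ASYMMETRIC:
        # Key exchange and signatures: longer keys do not help, the primitive must go.
        return ("high" if at_risk else "medium", "replace with quantum-resistant scheme")
    if asset.algorithm in SYMMETRIC:
        if asset.bits < 256:
            return ("medium" if at_risk else "low", "increase key length to 256 bits")
        return ("low", "256-bit key already adequate")
    if asset.algorithm in HASHES:
        if asset.bits < 256:
            return ("medium" if at_risk else "low", "move to a 256-bit or longer digest")
        return ("low", "digest length already adequate")
    return ("unknown", "unclassified algorithm: inventory gap")

def prioritise(inventory, migration_years, quantum_eta_years):
    """Return [(name, priority, action)] ordered by how urgently each row needs work."""
    rows = [(a.name, *triage(a, migration_years, quantum_eta_years)) for a in inventory]
    return sorted(rows, key=lambda r: RANK[r[1]])

# Constructed sample inventory; run with Erven's figures: 10-year upgrade, machine in 5 years.
SAMPLE = [
    Asset("patient records at rest", "AES", 128, 15),
    Asset("TLS key exchange", "ECDH", 256, 15),
    Asset("code-signing certificates", "RSA", 2048, 8),
    Asset("log integrity hashes", "SHA-256", 256, 1),
]
```

Calling `prioritise(SAMPLE, 10, 5)` puts both asymmetric rows first, the 128-bit AES archive next, and the hashed logs last, which is the ordering Grimes describes: replace key exchange and signatures, lengthen symmetric keys where the data outlives the migration, leave adequate digests alone.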

NEXT MAJOR MILESTONE
There have been quite a few predictions about how quickly quantum computing will arrive. But whatever the exact date and time, it's clear that not just one, but two races have already begun, says Timothy Hollebeek, industry technology strategist, DigiCert. "The recent few years have exponentially accelerated the development of quantum computing, with a variety of breakthroughs and a number of grandstanding announcements from tech giants that they would be heavily investing in the area. Even in 2020, pandemic notwithstanding, quantum technology was striding ahead. The breakneck speed of quantum acceleration has kept up through 2021, too."
Roger Grimes, KnowBe4: every organisation should begin immediately taking a data protection inventory.

For all those developments, Hollebeek sees the next major milestone as the moment someone solves a problem with quantum that a conventional supercomputer simply cannot. "But even when that day comes, it won't mean that RSA or ECC encryption are in direct threat. Although quantum can break them, it would still require large quantum computers to do so."

Even when they're commercially available, quantum computers and technology will likely be prohibitively expensive to most, he adds. "What these ever-accelerating series of developments are likely to do is act in the same way that Moore's Law accelerated the development of classical computing. Each new development will further hasten the pace towards quantum technology, driving investment and innovation in the direction of more powerful quantum computers."

That's one race between researchers, scientists and organisations. "There's a more urgent race, too - between individual organisations' cryptography and the quantum algorithms which will be able to break current cryptography. The reality is we don't know exactly when quantum is going to become a threat and, as such, organisations need to start preparing."

That means getting to grips with Post-Quantum Cryptography (PQC). "Indeed, organisations can begin adopting hybrid RSA/PQC certificates and, critically, testing them in their own environments now."

But there's a more fundamental element that Hollebeek singles out when it comes to being ready for the arrival of quantum. "The threat that quantum poses to current cryptography won't just necessitate stronger algorithms, but will likely mean that organisations have to become a lot quicker on their feet when it comes to cryptography. Crypto-agility is a concept which organisations must start working towards quickly. Quantum threats will likely need a diverse array of algorithms to protect against and organisations will need to swap out encryption algorithms on the fly as security demands. That will be a significant task for most companies, involving a fundamental reshaping of how they do cryptography. Quantum threats, however, demand it."

HUGELY DISRUPTIVE TO OUR DIGITAL WORLD
A five-to-10-year timeframe for quantum computing to become a reality is probably overly pessimistic, given the monumental investment by businesses, governments and investors around the world, states Dave Bestwick, CTO of quantum cryptography specialists Arqit. "Only recently, we witnessed another company, PsiQuantum, attain unicorn status and raise huge amounts of investment to bring a quantum computer to market within the next few years."

Businesses therefore need to be considering their options today, he cautions, because not only are malicious actors busy stockpiling data to decrypt as soon as quantum computing emerges, but also swapping from PKI to quantum encryption takes time.
Timothy Hollebeek, DigiCert: being ready means getting to grips with Post-Quantum Cryptography (PQC).

"Quantum computing will be hugely disruptive to our digital world, as it will undermine the basic security foundations of the Internet," Bestwick points out. "Most internet communications are secured by PKI and quantum computers can break this method of encryption within minutes. Companies that own valuable patents, highly sensitive government data underpinning critical infrastructure and defence will all be vulnerable; as will bank details, health records and even cryptocurrency."

However, not all forms of encryption will be obliterated: symmetric encryption keys are not susceptible to quantum attack, he confirms. "This approach is endorsed by the American Encryption Standard (AES). However, until recently several barriers to adoption existed, most notably the problem of secure key sharing. Quantum key distribution can solve this problem, but its use over fibre networks is limited by signal absorption, which constrains practical key distribution to distances of less than about 150km."

This posed a problem for exchanging keys over larger distances, but this challenge has been eliminated recently with innovation from companies like Arqit, he asserts, which has "developed a way for quantum key distribution to take place over satellite systems to secure digital communications globally".

Bestwick is under no illusions that the menace from quantum computers is a clear and present danger, as it threatens to undermine PKI, which today forms the foundations for most secure digital communications. "However, innovations in the area of symmetric encryption mean that there is a way to avert disaster, but businesses need to act promptly to protect their data today and in the future," he concludes.