(EuropeanSting) Jaya Baloo, Chief Information Security Officer at Avast. Jaya has been working in the field of information security, with a focus on secure network architecture, for over 20 years and sits on the advisory boards of the Netherland’s National Cyber Security Centre, PQCrypto and EU Quantum Flagship’s Strategic Advisory Board. She is currently a member of the World Economic Forum’s Global Future Council on Quantum Computing.
For many years, the quantum threat to cryptography was considered theoretical. However, with recent advances in building a physical quantum computer, Jaya believes we are not far from our currently used cryptographic algorithms breaking down.
IQT-News here summarizes a recent interview the World Economic Forum conducted with Jaya.
Why do we need a tighter focus on encryption as a guarantee of privacy and online safety?
Cryptography is at the heart of our global internet economy from online banking to guarding intellectual property as well as the more foundational need to have secure and private communications between individuals. It guards human rights but also supports national security. It always makes me think of a quote by Benjamin Franklin, that “those who would give up essential liberty for a little bit of temporary safety deserve neither liberty nor safety”, which speaks to the tension between national surveillance capabilities versus individual privacy needs. We need good, strong, well tested cryptography without backdoors in order to protect a free and democratic society.
How could developments in quantum computing disrupt this?
The promise of quantum computing is that very long held and difficult scientific problems will be solvable in a novel way. Our current cryptography is based on difficult math problems, such as integer factorization and discrete logs, which would take our current computers a very long time to solve. However, a quantum computer of sufficient scale can speed up the solving of these problems so significantly that it will effectively break our currently used cryptographic algorithms.
What actions are required to enable a secure and sustainable transition to the quantum economy?
First things first, we need to know where we use our current cryptography and for what purpose. Most organizations have no idea what their cryptographic resources are and how it enables daily operations. Once we’ve completed that inventory, we need to figure out how to transition to new post quantum algorithms which are a new set of algorithms that will still be resistant to a quantum computing attack, while potentially also looking for very specific opportunities to deploy something called quantum communications (secure communications links based on the principles of quantum mechanics).
What would be your advice to policymakers and other cybersecurity experts to achieve this?
Although it would be wonderful if everyone just voluntarily adopted best practices habitually, I fear we require some regulatory framework and national strategy to make sure that the most vulnerable and critical parts of our economy are quantum ready. My biggest concern is the time we have left to transition to a secure post quantum future. It’s important to be able to embrace the benefits of quantum computing and quantum technologies to advance our society while managing any potential downsides from the weakening on cryptography. Since there is such a strong strategic and national security advantage in terms of surveillance capabilities, I fear that certain infrastructure and software will find its way onto the **Wassenaar Arrangement on export controls for conventional arms and dual use goods and technologies.
**The Wassenaar Arrangement has been established in order to contribute to regional and international security and stability, by promoting transparency and greater responsibility in transfers of conventional arms and dual-use goods and technologies, thus preventing destabilising accumulations. The aim is also to prevent the acquisition of these items by terrorists.
Participating States seek, through their national policies, to ensure that transfers of these items do not contribute to the development or enhancement of military capabilities which undermine these goals, and are not diverted to support such capabilities.