How to Neutralize Quantum Security Threats
(TowardDataScience) . Quantum computers are on the brink of maturity, and they’re so powerful that they can solve complex mathematical problems in minutes and threaten to shatter today’s security protocols.
With signs of progress, experts expect quantum use cases, such as simulations for research in medicine, finance, or other fields, to take place as soon as 2022. Full-blown applications should be in use by 2026, and commercial use of quantum computing should be widespread by 2030. These rojections also mean that, by the end of this decade, virtually any encryption we’re using today could be useless. In the worst-case scenario, an irresponsible pioneer in quantum computing could break into the systems of governments, enterprises, or global organizations and wreak pure havoc.
We need to think about building encryption that outsmarts quantum computers so that we can reap the benefits of these machines without letting them compromise our security.
Two different systems of cryptography exist today. The first one, symmetric or private-key encryption, is when the same key is used to both encrypt and decrypt the data. This type is used for all kinds of communications and stored data. The second system of cryptography, asymmetric or public-key encryption, is when two keys aren’t identical but mathematically linked. It’s used to exchange private keys, but also for any kind of digital authentication.
The U.S. government is aware of the threat that quantum computing poses to cryptography. In 2018, the White House published a national strategy for quantum IT, which includes goals regarding quantum security. Congress then passed the National Quantum Initiative Act, which requires the president to be advised about developments in the field as well. In addition, this act puts the National Institute of Standards and Technology (NIST) in charge of checking up on quantum development, notably quantum cybersecurity.
The NIST has taken its role seriously: By 2022, it aims to publish a new set of standardsfor post-quantum cryptography. These standards would include algorithms that even quantum computers can’t crack.
the World Economic Forum suggests, we also need to build a so-called quantum literacy among government officials. This training would make them less dependent on constant advice and allow them to make fundamental decisions faster. This guideline doesn’t only apply to the government, though. Enterprise leaders should be fluent in quantum technology too.
For businesses, there are important preparatory steps that go beyond educating their leaders and adopting security protocols. Enterprises should aim to get their whole infrastructure and their products crypto-agile, i.e., able to adopt new security protocols as soon as they become available.
As with most worst-case scenarios, a quantum security apocalypse is not the likeliest of all cases. The fact that the U.S. government is investing heavily in post-quantum security and that top tech firms are involved in the development of new protocols is reassuring. Still, you shouldn’t pretend that the threat doesn’t exist for you.
NOTE: Excellent and lengthy article to share with business and enterprise colleagues.