Cybersecurity in an era with quantum computers: will we be ready?

 

Dr. Michele Mosca reminds us an unfortunate truth as laid bare by Max Planck

“A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it.”

Quantum Computing is an area where time is of critical importance. Quantum Computing is fundamentally different enough that the cryptographic systems developed to defeat or delay a traditionally computing adversary become useless. This difference means that traditionally secured data will become insecure very quickly following the development of quantum computing. All security provided by encryption at that point starts to decay rapidly. With this in mind the question we should ask now is, how long does our data need to stay secure, how long will it take to replace all our data security and is that less than the time it will take to develop a functional quantum computer?

Replacing all security is very far from an overnight fix, it is not a patchable problem. We are not at the stage of accepting a solution for quantum-safe cryptography. Accordingly, we are far from building, testing and implementing reliable solutions that provide dependable security. We could be ten, fifteen, or more years away from a solution being in place that makes quantum computers not a threat to the security provided by cryptography. Dr. Mosca estimates a 1/7 chance of breaking RSA-2048 by 2026 and a 1/2 chance by 2031.

This warrants concern, the value of data is only going to increase in the next decade and that value is largely dependant on the integrity and confidentiality of that data. We are then at a point of there being a 1/7 chance that systems critical for society (Finance, Health, Taxation, National Security) being laid bare due to a total data security failure.

Dr Mosca makes the point that “Quantum-safe cryptography is a necessary part of cybersecurity in an era with quantum computers. ” The practical truth of this is that as security is designed around the minimization and mitigation of risk means that as Quantum computing becomes possible security planning requires devising mitigation strategies. A Quantum computing breakthrough is possible, and in a 10-year strategic planning timeframe it becomes increasingly probable.

Figuring out how to mitigate this risk is something that clearly needs to start now.

 

 

Mosca, M. (2015). Cybersecurity in an era with quantum computers: will we be ready? IACR Cryptology ePrint Archive, 2015, 1075.

https://arxiv.org/abs/1702.06715