Organizations Prepare for Cyber Attacks on Quantum Computers
Amid the houses and parking lots is the GCHQ, the government’s communications headquarters, in this aerial photo taken on October 10, 2005.
David Goddard | Getty Images
LONDON – A little-known UK company called Arqit is quietly preparing businesses and governments for what it sees as the next big threat to their cyber defenses: quantum computers.
It’s still an incredibly young area of research, but some in the tech industry, including some Google, Microsoft and IBM – believe that quantum computing will become a reality over the next decade. And that could be worrying news for the cybersecurity of organizations.
David Williams, co-founder and chairman of Arqit, claims that quantum computers will be several million times faster than conventional computers and would be able to penetrate one of the most widely used cryptography methods.
“The legacy encryption that we all use to protect our secrets is called PKI,” or public key infrastructure, Williams told CNBC in an interview. “It was invented in the 1970s.
“PKI was originally designed to secure the communications of two computers,” added Williams. “It was not designed for a hyper-connected world where there are a billion devices all over the world communicating in a complex cycle of interactions.”
Arqit, which plans to go public via a merger with a blank check company, includes BT customers, Sumitomo Corporation, the UK government and the European Space Agency. Part of his team previously worked for GCHQ, the British intelligence agency. The company only recently emerged from “stealth mode” – a temporary state of secrecy – and its stock exchange listing couldn’t be more timely.
The past month has seen a series of devastating ransomware attacks against organizations from Colonial pipeline, the largest fuel pipeline in the United States, at JBS, the the world’s largest meat packer.
Microsoft and several US government agencies, meanwhile, were among those affected by a attack on the computer company SolarWinds. President Joe Biden recently signed a decree aimed at strengthening US cyber defenses.
Quantum computing aims to apply the principles of quantum physics – a body of science that seeks to describe the world at the level of atoms and subatomic particles – to computers.
While computers today use ones and zeros to store information, a quantum computer relies on quantum bits, or qubits, which can consist of a combination of ones and zeros simultaneously, which ‘one calls in the field the superposition. These qubits can also be linked together by a phenomenon called entanglement.
Put simply, this means that quantum computers are much more powerful than machines today and are able to solve complex calculations much faster.
Kasper Rasmussen, associate professor of computer science at the University of Oxford, told CNBC that quantum computers are designed to perform “certain very specific operations much faster than conventional computers.”
This does not mean that they will be able to solve all the tasks. “It’s not a question of, ‘It’s a quantum computer, so it runs whatever applications you put on it much faster. “That’s not the idea,” Rasmussen said.
This could be a problem for modern encryption standards, experts say.
“When you and I use PKI encryption, we solve half of a difficult math problem: primary factorization,” Williams told CNBC. “You give me a number and I figure out what the prime numbers are to find the new number. A classical computer can’t break it, but a quantum computer will. “
Williams believes his company has found the solution. Instead of relying on public key cryptography, Arqit sends symmetric encryption keys – long random numbers – through satellites, which he calls “quantum key distribution”. Virgin Orbit, which invested in Arqit as part of its SPAC deal, plans to launch the satellites from Cornwall, England, by 2023.
Some experts say it will be some time before quantum computers finally arrive in a way that could pose a threat to existing cyber defenses. Rasmussen doesn’t expect them to exist in any meaningful way for at least 10 years. But he is not complacent.
“If we accept that quantum computers will be around 10 years from now, anyone with the foresight to record important conversations now might be able to decipher them when quantum computers emerge,” said Rasmussen.
“Public key cryptography is literally everywhere in our digitized world, from your bank card to the way you connect to the internet, to your car key, to IOT (Internet of Things) devices,” Ali Kaafarani, CEO and Founder cybersecurity startup PQShield, told CNBC.
The U.S. Department of Commerce’s National Institute of Standards and Technology seeks to update its cryptography standards to include what’s known as post-quantum cryptography, algorithms that could be secure against an attack from a quantum computer.
Kaafarani expects NIST to decide on new standards by the end of 2021. But, he warns: “For me the challenge is not the quantum threat and how can we create encryption methods secure. We fixed that. “
“The challenge now is how companies should prepare for the transition to the new standards,” Kaafarani said. “The lessons of the past prove that it is too slow and that it takes years and decades to switch from one algorithm to another.”
Williams believes companies need to be ready now, adding that training post-quantum algorithms that take public key cryptography and make it “even more complex” is not the solution. He alluded to a NIST report that noted challenges with post-quantum crypto solutions.