The age of quantum computing is dawning upon us. Its capabilities both scare and excite scientists.
"Quantum computing is going to change the parameters of cybersecurity. Classic cryptography is the backbone of much of what we do, and quantum is going to change that considerably," James Andrew Lewis, an expert at the Center for Strategic and International Studies, said. He was moderating a discussion about quantum cryptography and where it will take us with some prominent experts in the field.
And here's what we learned.
How far are we from quantum reality?
Quantum computers rely on coding information in a fundamentally different way and with different behavior than classical computers. They take advantage of the fact that subatomic particles can exist in more than one state simultaneously – so one, zero or both at the same time. As Visual Capitalists put it, the consequence of this superposition is that quantum computers can test every solution of a problem at once.
Dustin Moody, a mathematician and project lead for the Post-Quantum Cryptography (PQC) project at the National Institute for Standards and Technology (NIST), believes that a large-scale quantum computer is approximately a decade away. Scientists and researchers have been building quantum computers for many years, and the progress is visible.
"We have seen companies like IBM, Google, and others having announcements of progress in the number of qubits and other metrics. They are still relatively small scale in terms of the impact they would have on cryptography. They are big enough to make some applications. I would say, in terms of having a large-scale quantum computer that would do all sorts of computation, we are maybe a decade or more away. We still have a little bit of time," he said.
Lisa O'Connor, Managing Director of Global Security Research and Development at Accenture, reckons that we may be closer to quantum computing than we think. To process more qubits and impact cryptography at a scale, we need more processing power.
"But I think we have to go back and look at cyber threats. That is our lens for thinking about readiness and getting prepared for this inflection point where we will be vulnerable in our cryptography. It does not take solving all, it takes targeted focus, and it takes targeted focus at adversary going after that communication or that thing. Everyone has to appreciate what the threat is against business, nation-states, other things, and then think about what investments are being made and what that feels like," she said.
CTO of Security Research at IBM Josyula Rao also emphasized that there are quantum computers already, but they do not process enough qubits and have high error rates. Therefore, they do not give an advantage over classical computers at this point.
"Traditionally, if you look at the programs that you write now, they really will not give you an advantage over classical computers. When we talk about how close we are to quantum computing, we expect quantum computers to have evolved to the level of accuracy and the level of qubits that would pose a significant threat to the IT systems we have and the cryptography we have deployed. It's not just the number of qubits, but also the error rates and the accuracy that one needs to get," he said.
What risks does quantum computing pose?
Even though large-scale quantum computers might be a decade or more away, experts agree that it poses a risk today.
"We need to think broadly of where cryptographic methods are embedded in many things that we do in our business processes, our communications, identity, let alone encryption. We have to look at where all of those methods are that could be vulnerable. And so when we hit that inflection point, we are faced with a lot of risk to those services," O'Connor said.
Moody explained that it would have a disruptive effect on public cryptography. Many cryptosystems, he said, are broken down into two different types - public key or asymmetric and symmetric key cryptography.
"The impact on public-key cryptography is quite dramatic. A large-scale quantum computer would completely break all the public key cryptosystems that we use today. That's part of the challenge that we will need to replace those algorithms with new resistant cryptosystems completely. Symmetric cryptosystems will also be impacted, just not as drastically," he said.
Rao also reckons that we should already be preparing for when the quantum computer comes.
“The threat is today. The impact is something that is going to happen in the future. We are using traditional key cryptography to secure our communications, data. If this data, which is stored and secured, is harvested and set aside, we will see the impact, the risk of that in the future when quantum computing can be used to break the cryptography and reveal the secrets,” he said.
Another worrying point is that many critical infrastructure systems are upgraded not as frequently as you would expect. The critical infrastructure he was referring to may include ATMs or even mundane everyday artifacts, such as passports or credit cards.
“You look at the crypto that is deployed in all these different scenarios, the lifecycle when you upgrade this infrastructure is not as frequent as how you might replace cryptography. So you need to be able to align the updates that you make to your infrastructure lifecycles with how you upgrade the crypto,” Rao said.
Benefits of quantum computing
"Quantum computers, in general, will have a very positive impact in many scientific applications, medicine. Quantum computers are not a universal machine that will solve every problem, but for many problems, it will be very well suited," Moody said.
The exciting concept about quantum mechanics, Rao explained, is that if you measure a system's state, you can alter the information flowing on that system. It means that you would be able to tell if there was an eavesdropper listening in.
"if an eavesdropper tries to measure some of these qubits, then the state of these qubits would change, and it would be possible for the sender or the recipient to know that somebody is eavesdropping," he said.
There is no way to tell if an eavesdropper is listening in or not with classical means of communication.
Quantum computing could, for example, speed the development of vaccines or other life-saving drugs. It could also be used to sense magnetic, electric, gravitational fields, and be used for navigation.
"Quantum has some really fun properties, and depending on what quantum you are using, you can take advantage of those properties. We think about identity and how just using a very small number of qubits can catapult the quality of that identity. (...) I kick around the idea of revocation of access and revocation of data, and things could take on a whole new light if we think about what that could mean with quantum entanglement. Maybe things just disappear, and we have the ability to do that at a distance," O'Connor said.