The quantum computer revolution: here tomorrow, so we must prepare today

This article is brought to you thanks to the collaboration of The European Sting with the World Economic Forum.

Author: Phil Quade, Chief Information Security Officer, Fortinet


• The impact of quantum computing on internet security will be so great we must start planning now.

• The impact of quantum computing on internet security will be so great we must start planning now.

• Its exponentially higher processing power will render widely used cryptography obsolete.

• ‘Security agility’ – crypto agility – is a key concept in being quantum-ready.

Strategic thinking has enabled many of mankind’s greatest successes. But when some leaps are just too big for a single bound, or seem too far into the future, strategic acting – incremental, consistent decision-making consistent with a long-term vision – can serve as an enabler for future success.

While an operationally viable quantum computer seems beyond the horizon to most, the steps needed to prepare for its inevitability are indeed within sight. We need more advanced planning in cyberspace to prepare for the impact of quantum computing, where, without some changes, it will undercut all internet integrity and confidentiality – an economic and social disaster. This is where strategic acting can come into its own.

A quantum computer is radically disruptive; it will use a different method to represent and compute information, allowing much, much faster speeds. It’s not just evolutionary, but revolutionary. Quantum computers will be as revolutionary in this century as computers were to last century’s mechanical calculators. They’ll be built by, essentially, leveraging the properties of atoms we studied in physics class. They can be millions of times faster.

A quick primer on internet security foundations might help us understand this disruptive potential.

Confidentiality, Integrity and Authentication – of people, machines, software and data – underpin all internet security (and undermines it when poorly implemented); cryptography – the use of mathematical equations to protect information – is at their foundation:

• Confidentiality (e.g. scrambling data to render it private)

• Integrity (e.g. preventing attempts to falsely change “deposited $100” to “deposited $10,000”)

• Authentication (e.g. verifying the identity of the person you’re communicating with)

How does something as important as cryptography work? A good analogy is a combination lock on a high-school locker. (In this analogy, the padlock is the cryptographic “algorithm”, and its secret numbers are the cryptographic “key”.) Combination locks have two security functions: lock – a simple mechanism that requires you to do nothing more than push it together to close/secure; unlock – a relatively complex mechanism that relies on secret numbers provided to the lock through a clockwise/counter-clockwise motion. That’s what well-designed and implemented cryptography is: a mechanism to easily apply the security, but completely impractical to guess unless you know the key to unlock it.

But once an operationally viable quantum computer is produced, it can guess the possibilities at a substantially faster rate: exponentially so.

If you tried to read a cryptographically scrambled message by guessing the cryptographic key with today’s fastest computers – even working together – it is not practical. The mathematics of cryptography triumph over computer science. Cryptanalysts may try to use supercomputers (combined with mathematical insights), but it’s completely impractical to brute-force a modern crypto algorithm’s key, which is why cryptography serves as the foundation of security.

For decades, engineers made computers with more computational power by either speeding up the time it takes a processor to evaluate each individual binary possibility, or adding multiple processors that look in parallel at different possibilities. In theory, with enough speed and parallel processing, you could test all possible lock combinations (the cryptographic key).

But manufacturing complexities create a practical limit to the first approach. And the second technique, parallel processing, becomes prohibitive due to processor costs and the expense to power and cool them (they melt or otherwise malfunction when running fast and in close proximity).

Therefore, well-designed and implemented cryptography is far beyond the reach of fast/parallel processor supercomputers’ ability to guess each possibility.

But quantum computers can make many more guesses at once. Sometimes resulting in exponential (the doubling, of a doubling of an amount, etc.) increase in processing power, rather than the incremental increases possible with traditional computers. Importantly, certain kinds of mathematical problems are well-suited for a quantum computer.

Most believe an operationally viable quantum computer – one that is both reliable and has a useful number of qubits (the data units of quantum computers) – is five to 15 years away and that a handful of countries are pursuing that goal.

We need to prepare now. This is how:

1. Make “security agility” part of your operational security doctrine. When purchasing cybersecurity in the next two to five years, tell your providers you want “crypto agility”, i.e. the seamless ability to swap to “quantum-resistant asymmetric cryptographic algorithms” when available.

2. Adopt quantum-resistance cryptographic algorithms when available. Ideally, use a standard quantum-resistant algorithm several years before a quantum computer is thought to be available, because:

• Uncertainty: Quantum computer availability is unknown (the most advanced research on them is classified).

• Interoperability: There needs to be a seamless transition to this new class of cryptography. There will be a time where crypto agility – the ability to securely and agilely choose and use different types of cryptography – will enable communication with both those who use quantum-resistant cryptography and those who don’t yet.

3. Inventory your data assets to see which ones need to be re-encrypted with quantum-resistance cryptographic algorithms. Some data is so valuable that it has a long shelflife (decades) and must be protected from those adversaries who would steal your encrypted data now and “break” it with quantum computers available in the future.

4. Awareness and education. Tell your colleagues what it’s all about and why they should care, making a distinction between three main topics: quantum computing (much faster computers);quantum-resistant cryptography (algorithms that need to be developed and adopted to prepare for the eventual computers); and quantum key exchange (a means to privately share information while detecting when it has been compromised).

What is the World Economic Forum doing on cybersecurity

The World Economic Forum’s Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority. World Economic Forum | Centre for Cybersecurity

Our community has three key priorities:

Strengthening Global Cooperation – to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology – to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience – to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

Quantum computers will be revolutionary in their speeds, so much so that they can undermine the foundation of the internet’s security. They are not simply a technical curiosity to marvel at, but a revolution that requires us to plan for their arrival ahead of time, since they can undermine internet security. We should adopt agile, integrated cybersecurity strategies now – including agile cryptography – to ensure we’re prepared for the age quantum computers will usher in.

the sting Milestones

Featured Stings

Can we feed everyone without unleashing disaster? Read on

These campaigners want to give a quarter of the UK back to nature

How to build a more resilient and inclusive global system

Stopping antimicrobial resistance would cost just USD 2 per person a year

Top UN rights official urges transparent probe into Khashoggi disappearance

Neither side stands to benefit in US-China trade spat, UN says

Questions and Answers on issues about the digital copyright directive

EP President calls for emergency assistance to migrants stranded on Open Arms boat

Women’s rights face global pushback from conservativism, fundamentalism – UN experts warn

Team Europe: €34 billion disbursed so far to tackle COVID-19 in partner countries

Here’s why China’s trade deal with Mauritius matters

Data marketplaces can transform economies. Here’s how

Eurozone: Even good statistics mean deeper recession

Primary Care: a way to provide Palliative Care in Universal Health Coverage

To solve the climate crisis, we need an investment revolution

Creating shared value: an opportunity and challenge for entrepreneurship

Bulgaria: MEPs call for EU values to be fully and unconditionally respected

JADE President opens JADE Spring Meeting 2014

Being blinded by labels stops social change. Art helps us see a better future

As threats to IoT devices evolve, can security keep up?

Innovation and entrepreneurship can cut waste and deliver the circular economy

EU Budget 2020 conciliation talks suspended

Global immunization is having its annual check-up. What can we learn?

UN cooperation with League of Arab States ‘pivotal’, UN chief tells Security Council

EU Budget 2019 to focus on young people

Three experts on why eradicating plastic pollution will help achieve gender equality

Berlin wants to break South’s politico-economic standing

This is where teachers are most (and least) respected

Understanding the gender gap in the Global South

European Parliament approves new copyright rules for the internet

Chile ups foreign bribery enforcement but flawed case resolutions are insufficient to ensure transparency and accountability

India’s economy is an ‘elephant that is starting to run’, according to the IMF

What will Germany look like after the next election?

Half the world’s population is still offline. Here’s why that matters

As G7 calls time on coal, have you checked your supply chain?

Campaign kicks off with High-level Event on #FairInternships

Could 2021 be a turning point for forests and climate change?

New UN Syria envoy pledges to work ‘impartially and diligently’ towards peace

The sustainable fashion revolution is well underway. These 5 trends prove it

Arrest of three Libyans wanted for grave crimes ‘would send strong and necessary message’ to victims, urges top Prosecutor

Rule of Law mechanism applies without further delay as of 1 January, MEPs stress

Indonesia has a plan to deal with its plastic waste problem

Rise in violent conflict shows prevention ‘more necessary than ever’: UN chief

Yemen: ‘A great first step’ UN declares as aid team accesses grain silo which can feed millions

Using CO2 as an industrial feedstock could change the world. Here’s how

Protecting European consumers: toys and cars on top of the list of dangerous products

MEPs call for the protection of fundamental values in the EU and worldwide

The West and Russia accomplished the dismembering and the economic destruction of Ukraine

WHO chief underscores need to address climate change following visit to Bahamas

After the George Floyd protests, what next for racial justice in the US?

80,000 youngsters at risk in DRC after forcible expulsion from Angola: UNICEF

Don’t take African generosity towards refugees for granted, says UN refugee chief

Humanitarian action: New outlook for EU’s global aid delivery challenged by COVID-19

Food choices today, impact health of both ‘people and planet’ tomorrow

From DIY editing to matchmaking by DNA: how human genomics is changing society

How global tech can drive local healthcare innovation in China

Here’s why the tech sector could be the next target for Chinese investment in Africa

Is South Korea set to lose from its FTA with the EU?

Artificial Intelligence raises ethical, policy challenges – UN expert

The future of manufacturing is smart, secure and stable

European Semester Autumn Package: Bolstering inclusive and sustainable growth

Can the world take the risk of a new financial armageddon so that IMF doesn’t lose face towards Tsipras?

GSMA Mobile 360 – Africa: Rise of the Digital Citizen, Kigali 16 – 18 July 2019, in association with The European Sting

Universal Health Coverage will ‘drive progress’ on 2030 Development Agenda

More Stings?

Speak your Mind Here

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: