TORONTO—Emerging quantum computing technologies threaten to undermine even the most sophisticated cybersecurity systems installed by businesses and governments, says a new report published by the Global Risk Institute (GRI).
The report estimates that there is a one-in-seven risk that quantum computing will undermine some of the most critical public-key cryptography tools within the next 10 years, and a 50% risk that many of these tools will be obsolete by 2031.
Public-key cryptography is an encryption scheme that uses two mathematically related keys—a public key and a private key—with the former used to encrypt and the latter used to decrypt. This scheme is the foundation for digital commerce at many large organizations, including financial institutions, online retailers and government agencies.
The report was researched and written by Dr. Michele Mosca, a special advisor on cybersecurity to the GRI, co-founder of the Institute for Quantum Computing at the University of Waterloo and a founding member of the Perimeter Institute for Theoretical Physics.
“Quantum physics has surely been one of the most unexpected threats to cybersecurity,” Dr. Mosca said. “As we learn to handle attacks from currently familiar sources, cyber criminals are finding new ways to attack our cyber systems.”
The threats stem from the power of quantum computing to execute tasks far beyond the reach of conventional computers. Existing computers use long strings of “bits” that encode either a 0 or a 1. By contrast, quantum computing enables the bit to embody the 0 and 1 states at the same time. By manipulating a large collection of quantum bits, known as qubits, a quantum computer can process countless configurations of 0s and 1s simultaneously.
For years, quantum computing was largely a branch of fundamental physics and computer science, but it is gradually being harnessed in technologies with the potential to support ground-breaking and creative applications such as high precision measurements and medical imaging.
“As the ideas continue to move toward working technologies and then to solutions for real problems, there is a global race for industry leadership in quantum technologies,” the GRI report notes. However, it adds, “one unintended consequence is that these technologies will break some of the cryptographic tools currently underpinning cybersecurity.”
One example is digital signatures, a fundamental requirement for online security. These signatures allow a verifier, such as a user’s browser, to confirm that a piece of code comes from a trusted source and has not been tampered with. Another basic security function is establishing the security key that encryption algorithms use to protect confidentiality.
The report cautions that “when the cryptographic foundations on which a cyber system is built are fundamentally broken, the system will crumble with no quick fixes. A fail-safe replacement generally takes years to develop.”
It underlines the urgency of developing “quantum-safe” cryptography to guard against these threats. “It is very important that we are not caught off-guard and forced to fire-fight a threat that takes years of preparation to properly defend ourselves against,” the report adds.
Even so, the report notes, “there are no silver bullet solutions to achieve cybersecurity. No one technology, no one vendor and no one project will ultimately suffice. What is needed is a strong cyber immune system, capable of quickly detecting new unexpected threats and acting quickly to deal with them.”
Dr. Mosca’s report, entitled “A quantum of prevention for our cybersecurity”, is part of the Global Risk Institute’s funding of research into quantum computing, focusing on medium and long-term implications that are likely to have a profound impact on the financial services industry. The University of Waterloo’s world-renowned expertise in cryptography and quantum computing underpins its global leadership in cybersecurity in the context of quantum technologies.
Toronto-based Global Risk Institute, a think tank that examines the management of risks in financial services, is a non-profit, public and private partnership with 34 government and corporate members from asset management, banking, insurance and pension management.