Organizations are making ready for cyberattacks from quantum computer systems
In the middle of the houses and parking lots is the GCHQ, the headquarters of government communications, in this aerial photo from October 10, 2005.
David Goddard | Getty Images
LONDON – A little-known UK company called Arqit is quietly preparing businesses and governments for the next big threat to their cyber defense: quantum computers.
It’s still an incredibly young area of research, but some in the tech industry – including Google, Microsoft, and IBM – believe that quantum computing will become a reality in the next decade. And that could be worrying news for corporate cybersecurity.
David Williams, co-founder and chairman of Arqit, says that quantum computers will be several million times faster than classic computers and would be able to break into one of the most widely used methods of cryptography.
“The legacy encryption we all use to protect our secrets is called PKI,” or public key infrastructure, Williams said in an interview with CNBC. “It was invented in the 1970s.”
“PKI was originally designed to secure communications between two computers,” added Williams. “It wasn’t designed for a hyper-connected world where a billion devices around the world communicate in one complex round of interaction.”
Arqit, which wants to go public through a merger with a blank check company, includes BT, Sumitomo Corporation, the British government and the European Space Agency among its customers. Part of the team previously worked for the British secret service GCHQ. The company only recently moved out of “stealth mode” – a temporary state of secrecy – and its listing couldn’t be more current.
The past month saw a spate of devastating ransomware attacks on businesses from Colonial Pipeline, the largest fuel pipeline in the United States, to JBS, the world’s largest meatpacker.
Microsoft and several US authorities were meanwhile affected by an attack on the IT company SolarWinds. President Joe Biden recently signed an executive order aimed at expanding US cyber defense.
What is quantum computing?
Quantum Computing aims to apply the principles of quantum physics – a science that tries to describe the world at the level of atoms and subatomic particles – to computers.
While today’s computers use ones and zeros to store information, a quantum computer is based on quantum bits or qubits, which can consist of a combination of ones and zeros at the same time, known in the art as superposition. These qubits can also be linked together through a phenomenon called entanglement.
Put simply, this means that quantum computers are far more powerful than today’s machines and can solve complex calculations much faster.
Kasper Rasmussen, associate professor of computer science at Oxford University, told CNBC that quantum computers are designed to “perform certain very specific operations much faster than classic computers”.
That doesn’t mean that they can solve every task. “This is not a case of, ‘This is a quantum computer, so any application you install there will run much faster.’ That’s not the idea, “said Rasmussen.
According to experts, this could be a problem for modern encryption standards.
“If you and I use PKI encryption, we’ll solve half of a tough math problem: prime factorization,” Williams told CNBC. “You give me a number and I work out the prime numbers to calculate the new number. A classic computer can’t break that, but a quantum computer will.”
Williams believes his company has found the solution. Rather than relying on public key cryptography, Arqit sends symmetric encryption keys – long random numbers – over satellites in what is known as “quantum key distribution”. Virgin Orbit, which invested in Arqit as part of its SPAC deal, plans to launch the satellites from Cornwall, England by 2023.
Why does it matter?
Some experts say it will be some time before quantum computers finally arrive in a way that could pose a threat to existing cyber defenses. Rasmussen doesn’t expect them to exist meaningfully for at least 10 years. But he’s not complacent.
“If we accept the fact that quantum computers will be around 10 years from now, anyone with the foresight to record important conversations now might be able to decipher them when quantum computers hit the market,” said Rasmussen.
“Public key cryptography is literally everywhere in our digitized world, from your bank card, to the way you connect to the Internet, to your car key, to Internet of Things (IoT) devices,” Ali Kaafarani, CEO and founder of cybersecurity start-up PQShield, told CNBC.
The US Department of Commerce’s National Institute of Standards and Technology wants to update its cryptography standards to include post-quantum cryptography, algorithms that could be secure against attack from a quantum computer.
Kaafarani expects NIST to decide on new standards by the end of 2021. But he warns: “For me, the challenge is not the quantum threat and how can we build secure encryption methods. We have solved that.”
“The challenge now is how companies need to prepare for the transition to the new standards,” said Kaafarani. “The lessons of the past show that it is too slow and takes years and decades to switch from one algorithm to another.”
Believing companies must be ready now, Williams adds that developing post-quantum algorithms that use public-key cryptography and make it “even more complex” is not a solution. He alluded to a report by NIST that addressed challenges in post-quantum cryptographic solutions.