Bracing for a quantum leap
Global technology giants including IBM, Microsoft and Accenture are working on building encryption systems that can resist attacks from a quantum computer, although it will still be a decade before the first such computer comes out of a research lab.
A large functioning quantum computer, which could revolutionise fields as diverse as pharma and finance by crunching significantly larger amounts of data than conventional computers, will become capable enough to break the conventional security encryptions currently guarding all data on the planet. In such a scenario, the world is likely to face a second ‘Y2K’ problem in 10 years and the time to act on ‘quantum-safe encryption’ is now, experts say.
“It’s like a Y2K problem because you can’t wait until it can break encryption, because by then it would be too late,” Paul Daugherty, chief technology innovation officer at Accenture, told ET in an earlier interview.
In the 1990s, computer systems mainly in the United States discovered a bug that refused to recognize the year 2000 and beyond. Although innocuous, it marked a big headache for companies and programmers across the world. The millennium bug, or Y2K problem as it was called, was fixed manually by thousands of programmers, chiefly outsourced to India, spawning the country’s multi-billion outsourcing industry.
Unlike the years preceding the ‘Y2K’ challenge, big technogy companies now seem more attuned to tackling the challenge.
“We have done a lot of work around quantum safe encryption and it is important to move early enough to that,” said Daugherty of Accenture.
IBM, for instance, unveiled a 20-qubit quantum computer in January, called the IBM Q System One, which was designed to help researchers working on quantum-safe encryption. The company sells access to the IBM Q System One via the cloud, and companies and research institutes can buy time on the quantum network.
“We are working with organizations such as NIST (the National Institute of Standards and Technology) to define quantum-safe cryptology because we do believe it will be important for us to come out with these new algorithms which will enable us to start encrypting today, so that at such point in the future when the quantum computer can break the algorithm, we will be prepared,” Jamie Thomas, General Manager, IBM’s Systems Strategy and Development, told ET at an IBM event in San Francisco earlier this year.
Microsoft, on its part, is working on cryptography methods that could resist attacks by a hacker with access to a quantum computer. The security of such a method, it said on its research site, is based on hard mathematical problems that cannot easily be solved by a large scale quantum computer.
“The work of developing new cryptosystems that are quantumresistant must be done openly, in full view of cryptographers, organizations, the public, and governments around the world, to ensure that the new standards emerging have been well vetted by the community, and to ensure that there is international support,” Microsoft said, describing its quantum cryptography research.
The company, which has an 11-member research team, said speed is important to the process. “We must do all this quickly because we don’t know when today’s classic cryptography will be broken. It’s difficult and time-consuming to pull and replace existing cryptography from production software. Add to all that the fact that someone could store existing encrypted data and unlock it in the future once they have a quantum computer, and our task becomes even more urgent,” Microsoft said.
While breaking encryption is not a near-term problem, any data that is not protected will be vulnerable when that happens, said Thomas of IBM. “So, it is an important aspect of what we are doing. We are producing quantum computers, but we are also producing quantum safe cryptology.”
In the United States, NIST created a post-quantum cryptography project in 2016, as advances in quantum computing made the prospect of a large-scale quantum computer breaking current public key encryptions more likely.
“Historically, it has taken almost two decades to deploy our modern public key cryptography infrastructure,” the physical sciences laboratory said when it launched the project. “Therefore, regardless of whether we can estimate the exact time of the arrival of the quantum computing era, we must begin now to prepare our information security systems to be able to resist quantum computing.”
The project aimed to solicit, evaluate and standardize one or more quantum-resistant publickey cryptographic algorithms. In January, the NIST announced that it had 26 potential encryption tools that had the strongest potential to resist a quantum computer.
Typically, public-key encryption is based on mathematical principles and the difficulty in solving problems such as factoring and calculating elliptical curves. In 2009, a group of researchers concluded that to factor a 232-digit number took hundreds of machines two years. These days, encryption keys use significantly larger digits — 1024 bit and 2048 bit, but quantum computers would be rapidly able to factor encryption keys of any length, the US-based Cloud Security Alliance said in a 2016 research note.
India, which quickly scaled up to face the Y2K challenge, is now taking baby steps into quantum computing, although it doesn’t yet have a critical mass of people working in this field. The country has set up a programme, Quantum-Enabled Science and Technology (QuEST), where researchers from institutions such as the IISc, Indian Space Research Organisation and Tata Institute of Fundamental Research, have proposed to work on quantum computing and allied areas, including quantum safe cryptography and quantum communication.
“It (quantum safe encryption) depends on how sensitive or important your data is. If it needs to be secure for the next 50 or even 20/30 years, then you need to start working on it now,” said Sanjit Chatterjee, associate professor at the department of computer science and automation at IISc. “But if your data needs to be secure for shorter duration say, a year, or month, then you have time. It depends on your perspective.”
The Department of Science and Technology is funding research under QuEST, while some private players, such as QuNu Labs, are working on niche projects like using quantum key distribution to ensure encryption keys can be exchanged securely over networks.
The government has shown broad interest in quantum technologies, but more needs to be done, Chatterjee said. “Our research group is working on post-quantum cryptography. We have a team of four/five research students and post-doctoral fellows working on various aspects of the problem. There is serious research happening in this area across the globe and we need to do it too.”
Source: ET Tech