Quantum Computing: Dream or Nightmare?
“Quantum Technology—The Second Quantum Revolution” has arrived much faster than expected, with quantum computers at the forefront of the exploding field. The most optimistic predictions are that worldwide funding for quantum computing will be about $500 billion per year by 2025. Companies such as IBM, Intel, and Google are leading the way, and venture capitalists are investing significant amounts in a large number of startups. The dream is that quantum computers will provide a vast increase in processing speed, leading to great advances in solving optimization problems, improving data mining, enabling better drug design, and many other areas of a practical and marketable nature. The nightmare is that this same computational power can be used to hack the encryption that protects all of our data that is communicated or stored on the Internet—potentially bringing an end to data security as we now know it. This article focuses on that nightmare scenario.
Threat? —What Threat!?
Today, a single type of public-key encryption algorithm secures all data on the Internet. This type of security was supposedly guaranteed by the belief that computers were unable to quickly solve a particular math problem. The prime example is the RSA algorithm. Computer scientists thought RSA was uncrackable by any computer, but they could not prove it. With only that hope—and a prayer—such keys were rolled out in the 1970s, and now the security of all our data depends on this single algorithm. The current standard uses a key of 3,072 bits to secure data through the year 2030. Using today’s classical computers, it would take longer than the life of the Universe to crack such a key.
However, in 1994, a computer scientist and professor at MIT, Peter Shor, showed that a quantum computer could crack a 3072-bit key in nanoseconds. Back then, most people thought a quantum computer was 50–100 years away. But in 2012, the number of patents in quantum computing began doubling each year, and the number of quantum bits of hardware began doubling every six months. A quantum computer that can hack the 3072-bit RSA will be ready in 10–20 years, perhaps even sooner. While 20 years may seem like a long time, hackers could be vacuuming up your data now, storing it, and preparing to decrypt it when a quantum computer comes online. If you’re a corporation that wants to keep data secure for decades, then the time to panic is now.
The Classical Patch
The US government is currently developing a software patch called Post-Quantum Cryptography (PQC). A US-certified version should be ready in less than four years. PQC is a new type of public-key encryption that computer scientists don’t think can be cracked by a quantum computer, but they can’t prove it. (Sound familiar?) The advantage of PQC is that it is relatively cheap and easy to roll out. (By cheap we mean a few billion dollars a year worldwide.) PQC is recommended by the US for most corporations. Other countries are doing similar things, but there is no worldwide standard. There are many startups ready to sell you their own version of PQC, but what they sell could be obsolete in a year. Nevertheless, once national standards come online, we recommend using PQC as a temporary patch, since its security is unknown. But PQC is not the long-term solution!
The Quantum Fix
The permanent fix is to change from public-key encryption to private-key encryption, where the keys are distributed using quantum states of light. This scheme is called quantum-key distribution (QKD), and it has the advantage that it is provably unbreakable by any means, even by a quantum computer. However, QKD is expensive and time-consuming to develop and roll out on a global scale. Despite these shortcomings, the Chinese government is using QKD to secure its entire country. For the past 15 years, a consortium of the Chinese government, industry, and academia has implemented a national QKD network. The Chinese fear that the US will have a quantum computer first, and they are betting on QKD to protect their data and communications. The Chinese network will be mostly complete in four years—with perfect security—but at a price tag of tens of billions of dollars. The US Defense Department is also rolling out a QKD system for its own use because absolute security is paramount. On the other hand, for about $10,000, a corporation can buy a commercial plug-and-play QKD system. It has a limited range—say that of a LAN—but the total cost to secure one small city-sized LAN will be perhaps $10M. We recommend that any data that must be secured forever, but does not need to be sent long distances, should be moved to this type of QKD system immediately.
It is Difficult To Make Predictions—Especially About the Future
It is important that CIOs realize that there is not one simple fix but a menu of options where price, security, and data transmission distance cannot all be simultaneously optimized. The state of quantum technology is still in flux right now, and this menu will change yearly. For the short term, we advise corporations to immediately create a team of quantum IT experts to act as a “quantum-rapid-response” team. This team can monitor developments and suggest strategies in real time.
We recommend that corporations lobby their national and regional governments to invest in a long-distance QKD system. This system is secure but will take time and cost billions to develop and implement. However, a QKD network will be the backbone of the future Quantum Internet. In comparison, the operating cost of the current Internet is estimated at $100–$200 billion per year. We hope for something similar for the quantum Internet, which will be the ultimate resource for the second quantum revolution.