Quantum Encryption Is Coming Sooner Than You Think. The Time To Prepare Is Now
Internet security, once considered to be strictly in the domain of the wonkiest tech experts, has become central to public discourse over the past year. Besides the attacks on the DNC, even tech savvy business like Snapchat, Oracle and Verizon Enterprise Solutions have had significant breaches in the last year.
For the most part, these attacks were preventable. Often, hackers use a technique called social engineering, to trick people into allowing them into a system. Other times, they exploit a vulnerability in software to give them access to confidential data. In most cases, more stringent procedures can prevent attacks.
However, there is a more serious crisis coming. In five to ten years, we are likely to see quantum computers that are so powerful that they are able to break even the strongest encryption in use today. That means that soon, even our most vital and well protected data will be at risk. So if you want to protect your businesses, you should start preparing now.
A Brief History Of Encryption
Modern cryptography got it’s start when Claude Shannon, came up with an idea for a truly unbreakable code. What he proposed was that, instead of using preassigned codes, long random numbers would be inserted into messages. The longer the number, the harder the it would be to decipher messages. In effect, you could have as much security as you wanted.
For decades, Shannon’s concept of mathematical cryptography was primarily pursued by governments and militaries. Yet as electronic communication became more widespread, there was a growing need for private companies and individuals to keep communications secure.
Enter Whitfield Diffie and Martin Hellman. In 1976, the two published a paper that created the concept of public key cryptography, which would allow just about anybody to establish highly secure communications. In short order, Ron Rivest, Adi Shamir, and Leonard Adleman developed a working version, now known by their initials, RSA.
Today, we use RSA and similar systems in just about everything we do online. From digital signatures and secure payments for e-commerce, to protecting vital infrastructure and keeping health records and corporate information safe. It’s hard to imagine the modern economy working without the possibility to create secure environments.
Yet that is exactly what we’re facing in the coming years.
Entering The Quantum Era
In 1993, an unusual experiment took place at IBM Research, It was rooted in a long standing debate between Albert Einstein and Niels Bohr. At issue was something called quantum entanglement, which Einstein called “spooky action at a distance” and thought was preposterous. He devised an experiment to prove Bohr wrong.
Yet scientists at IBM showed that not only is quantum entanglement a real phenomenon, but that it could be be transformed into something far more useful than anyone dreamed. Now known as the quantum teleportation experiment, it led to a new branch of computer science called quantum information theory.
Today, that theory has become a reality. Both Google and IBM have already developed small scale quantum computers and IBM even allows people to access theirs through the cloud. D-Wave, which uses a stripped down form of quantum computing called quantum annealing already is selling a commercial version of its machine.
So clearly, the quantum era is upon us. In just a few years, we can expect these early technologies to significantly increase in scale and, it won’t be long before the technology is widely available. Once that happens, present encryption standards won’t be effective anymore.
How Quantum Encryption Works
To learn more about how the quantum era will affect business, I spoke to Gregoire Ribordy, Chief Executive Officer of IDQuantique, a quantum encryption firm that got its start as a spin-off of the Group of Applied Physics at the University of Geneva. It is also a founding member of the Quantum-Safe Security Working Group in the Cloud Security Alliance.
Ribordy likens conventional cryptography to a tennis match, where a ball is hit back and forth between two players and somebody in between is trying to intercept the ball and then pass it on without either of the players noticing. Quantum encryption, however, is more like a tennis match played with soap bubbles. Once somebody touches a message it is destroyed.
In reality, it is far more complicated than that. The process, developed by Charlie Bennett and Gilles Brassard, two of the scientists that performed the quantum teleportation experiment at IBM, uses polarized photons to create random sequences. Because the person receiving the message can only receive in one polarization, only half of the cryptographic key can be read.
The trick is that, because of the strange rules of quantum mechanics, the cryptographic key is destroyed once it is read. So if a hacker intercepts the key, the intended recipient won’t and the message will never be sent.
The Time To Start Is Now
To executives struggling to manage day-to-day concerns, all of this can seem somewhat esoteric and abstract and, in some sense, it is. Still, much like the Y2K problem in the late 1990’s, it is imperative for enterprises who rely on keeping sensitive information, such as customer profiles and other proprietary information, to prepare years before the crisis comes.
In February, the NSA announced it is switching to quantum resistant technologies and the market for solution providers seems to heating up. Other companies, such as Quintessence Labs and Qubitekk have also entered the market and IDQuantique has seen an uptick in business lately.
“Our growth is accelerating and is now in excess of 40% because more companies are understanding the threat,” Ribordy told me. “With the knowledge that quantum computing is coming, hackers can begin stealing your long term data now and then decrypt it later when the technology becomes available.”
So he advises organizations to start by taking an inventory of what data within their enterprise will still be relevant in five to ten years. From there, a strategic plan can be developed for making the most crucial information quantum resistant. The process typically costs under $100,000 and can be completed in just a few months.
The digital age has brought us unprecedented possibilities, but is also fraught with risks. Today, even the most intimate details of our enterprises — and our lives — can be copied and transmitted with perfect fidelity by anyone with the skills and desire to steal them. Ironically, the new quantum era both increases those risks and offers a solution.
If you want to protect your business, the time to start is now.
An earlier version of this article first appeared in Inc.com