The writer is founder of Sifted, an FT-backed site about European start-ups
The old joke that quantum computing is a technology of the future — and will forever remain so — is not so funny any more.
The engineering challenges of building a quantum computer robust enough to deliver on its extraordinary theoretical promise remain colossal. But early prototypes are evolving fast and the future might arrive quicker than predicted. Every data-rich body should start thinking about how to migrate to a quantum world now the US National Institute of Standards and Technology is due to release its post-quantum encryption standards next year.
Quantum computers, which exploit the spooky behaviour of subatomic physics, operate in a different way from conventional computers, enlarging the set of possible solutions to many problems. Some companies are already exploring the possibilities of hybrid approaches, combining the existing capabilities of rudimentary quantum computers and their classical cousins to optimise port logistics, airline schedules, grocery deliveries and television advertising programming, for example.
“Quantum is real today,” says Alan Baratz, chief executive of D-Wave, a US quantum company.
But the serious threats of quantum computing may emerge quicker than its possibilities. Security experts warn of the dangers of Q-day, when a quantum computer might crack the RSA cryptosystem, widely used by tech companies, banks and governments on their data.
Earlier this month, the heads of the “Five Eyes” spy agencies (the US, the UK, Canada, Australia and New Zealand) warned of the risks of China’s activities in quantum computing, AI and synthetic biology. “If you’re anywhere close to the cutting edge of tech, you might not be interested in geopolitics, but geopolitics is interested in you,” said Ken McCallum, director-general of Britain’s MI5.
Ever since 1994, when the mathematician Peter Shor wrote an algorithm that could run on a not-yet-invented quantum computer to crack RSA, security experts have worried about the world’s digital secrets. It may be another decade (or more) before we have a quantum computer stable enough to run Shor’s algorithm but we can never be certain when that day might arrive.
This is one of those rare technological fields, however, where the solution anticipates the problem. Since 2016, America’s National Institute has been soliciting and evaluating quantum-proof encryption. It will release four approved standards next year, which will then be adopted by other agencies around the world.
According to Elham Kashefi, chief scientist at the UK’s National Quantum Computing Centre, it would be “very worrisome” if any organisation that holds sensitive data was not already alert to the threat of Q-day. “You should be very worried,” she told the Sifted Summit earlier this month.
One concern was that adversaries could harness data today and decrypt it later when quantum computers had developed, Kashefi said. That might not matter if the old, compromised data was a supermarket’s daily sales records. But it would be a different story if the data contained health records or sensitive personal information.
Switching from one encryption regime to another across many thousands of organisations will take years to implement. That is why cyber experts are urging companies to start thinking now about how to adopt a NIST-approved encryption standard.
Migrating to a quantum-proof world will be a bonanza for some cyber security companies. That is the hope of PQ Shield, an Oxford-based start-up that recently convened an expert conference to examine whether NIST’s “beautiful” mathematical drafts could work in the “nasty” hardware world. The good news, according to Ali El Kaafarani, PQ Shield’s founder, is that they can.
“Is there ever a perfect security solution? No. It never exists,” he tells me. “But my personal view is that these schemes are very secure and strong and very difficult to break on either a classical or a quantum computer.”
When I spoke to Shor earlier this year, he predicted that the quantum computer needed to run his algorithm might still be decades away. But in the meantime, he had composed a limerick to explain the quantum conundrum:
“If the computers you build are quantum,
Spies of all factions will want ‘em.
Our codes will all fail.
They’ll read all our email.
Till we’ve crypto that’s quantum and daunt ‘em.”
