Quantum Computing and the Evolution of Encryption
Fear sells in the computer security business. And in late 2015 Massachusetts-based Security Innovation got an unexpected boost from one of the scariest organizations around—the National Security Agency.
For six years the company had been trying to create a new revenue stream by licensing an unusual encryption technology called NTRU, which it acquired from four Brown University mathematicians. It was invented as a solution to the powerful code-breaking power of computers that exploit quantum physics, but interest was slack because quantum computers didn’t yet exist or look likely to exist anytime soon.
Then the NSA warned that due to progress in quantum computing, the encryption that protects online transactions such as banking must be replaced with something quantum-computer-proof as soon as possible. “At that point we no longer had to convince people this was a real threat,” says Gene Carter, director of product management at Security Innovation. “We had people calling us and saying ‘Help!’”
Security Innovation is now part of a small but expanding industry offering to help companies plan for quantum crypto-Armageddon.
Quantum computers that are capable of breaking some of the encryption society relies on today still look to be many years away. And the consensus among cryptographers is that the “quantum safe” encryption systems proposed so far—NTRU included—still need more study. But the potential mayhem quantum computers could cause, and sobering statements from government agencies such as the NSA, appears to have provided enough urgency to create a market.
The National Institute of Standards and Technology has said government agencies should be ready to switch to what it calls “post-quantum” encryption by 2025. Security Innovation and its handful of competitors say they already have clients studying how to upgrade their systems to be quantum-safe encrypted, or even experimenting with some of the proposed quantum-proof encryption schemes.
One company in the quantum-preparedness business is Atos, a multibillion-dollar IT services company headquartered in France. Frederik Kerling, who leads the company’s efforts in this area, argues that it makes sense for companies that deal with sensitive data to get a head start on the giant task of upgrading their infrastructure later on.
“Encryption is hidden everywhere inside organizations, inside hardware and software, and you need to know where it is if you are going to be able to upgrade it,” he says. Although helping companies plan for a secure transition into the quantum computing era is a niche business, Kerling expects it to grow significantly over the next few years. “Awareness has been picking up,” he says.
Google and Microsoft have lately increased their investments in quantum computing research. Kerling says that an IBM project that put an experimental quantum chip online last year has helped convince many executives he’s spoken to that they need to consider the security implications of the technology.
Many of the world’s largest technology companies are involved in the effort to develop new forms of encryption that could resist future quantum computers. Cisco and Amazon have been involved with efforts from European and international standards groups to study the situation, for example. Microsoft has tested a quantum-resistant variant of the encryption used to secure webpages. Google is even testing a post-quantum algorithm dubbed “New Hope” in its Chrome Web browser.
Cryptographer Bruce Schneier, chief technology officer of Resilient Systems, a security company owned by IBM, says that kind of research and efforts from government agencies such as NIST is vital. But he is less supportive of the idea companies should begin planning in detail now for the quantum computing era. “I think it’s too early,” he says. “Companies don’t need to think about this yet.”
Michele Mosca, cofounder of the Institute for Quantum Computing at the University of Waterloo, Canada, and cofounder of post-quantum security company EvolutionQ, argues that it isn’t too early for companies handling data that remains valuable for many years, such as medical or financial records.
Such companies need to consider the risk that an adversary could capture encrypted data and store it until the day a quantum computer can decrypt it, says Mosca. Unless some companies start engaging now with the complicated process of upgrading society’s encryption, the industry won’t be ready to deploy quantum-secure encryption quickly when standards bodies and governments do sign off on it, he says.
Mosca estimates a one in seven chance that by 2026 someone, likely a nation state, will have a quantum computer able to crack encryption used for critical data today. “The industry’s usual recipe of waiting for catastrophe and then fixing it is very risky,” he says.