If you know your way around very old buildings in New York City, you will find places like the Cooper-Union building, where forward-thinking architects designed elevator shafts in structures that predated the invention of the elevator. There was no elevator, but anyone with eyes and ears in the 1850s knew that the invention of the steam engine made the dawn of the elevator age inevitable. The anticipation of quantum computing is playing out in similar ways with computer scientists and cyber security entrepreneurs.
Understanding Quantum Computing from a Security Perspective
Quantum computing is a new approach to computing that takes advantage of quantum mechanics to create exponential accelerations in compute power. A lengthy explanation is beyond our scope here, but this article is a good backgrounder. Briefly, though, in quantum computing, the quantum properties of subatomic particles enable the same set of bits to solve multiple problems at the same time. These quantum bits (or Qubits) can be in more than one physical state at the same time. This is in contrast to standard computing, that processes strings of single-purpose bits.
“Without a countermeasure to mitigate the threat of quantum compute key cracking, no data will be secure anywhere in the world.”
Though feverish research is under way, and many exciting breakthroughs occur in quantum computing each year, the concept has yet to be fully realized. An array of physical and logical challenges stand in the way of actual, practical quantum computing. It could be ten years or more until that moment occurs, but when it does, things will never be the same.
A functioning quantum computer will be capable of running computations at a speed that geometrically outstrips conventional computers. This is a boon to people who want to stop global warming and cure cancer. Quantum machines will also be capable of creating, and cracking, encryption keys in ways that today’s machines could never match. This potential is very troubling, from a security perspective.
The quantum threat to cyber security is what keeps people Jane Melia up at night. The VP of Strategic Business Development for QuintessenceLabs, Jane is part of a team that’s working on protecting data from the inevitable impact of quantum computing. She put the challenge in context. “Let’s say you are now using an asymmetric encryption using an RSA key,” she said. “That would take 3,000 years to crack using today’s computers. With a quantum computer, you could crack that key in a few minutes.”
This frightening potentiality is driven not just by the quantum computer’s anticipated speed, but also by unique quantum cracking algorithms that will not work on conventional computers. “Without a countermeasure to mitigate the threat of quantum compute key cracking, no data secured by asymmetric algorithms will be safe anywhere in the world,” Melia added. Got that? Under the status quo, every single piece of financial data, every government secret, every encrypted communication will be completely exposed and open to theft or malicious disruption.
“Let’s say you are now using an asymmetric encryption using an RSA key,” she said. “That would take 3,000 years to crack using today’s computers. With a quantum computer, you could crack that key in a few minutes.”
Mitigating the Quantum Security Threat
QuintessenceLabs, which was founded in 2008 in Canberra Australia, has developed a countermeasure for quantum hacking. It’s based on implementing truly random keys, keys that are essentially quantum in nature. “Today, we have a key that we hope is random,” Melia said. “But in reality, they are actually predictable. Mathematics is pretty predictable, so when we generate random keys using random events, such as with algorithms, they are still pretty vulnerable in the quantum context.”
The Quintessence solution is to create what Melia calls “entropy keys,” with a higher degree of randomness and chaos than today’s keys. Each bit in such a key is totally unrelated to the one before and after it. This approach mirrors the unpredictable nature of quantum physics. Quintessence calls its product qRand™. It’s a “Quantum Entropy Injector” that feeds quantum random numbers to the entropy pool of a computer. This solves a problem that Quintessence refers to as “entropy starvation.”
As Melia put it, “Your applications will always have sufficient entropy, even in virtual environments.” The qRand solution can be embedded in hardware. It also includes a key management tool.
The broader point, according to Melia, is to prepare now for what is coming. “If quantum key cracking will arrive in five years, you don’t want to wait five years to deal with the problem. You have to understand how long your data needs to stay safe and map out our quantum strategy now.”
Building Quantum-Ready Networks
Quantum Xchange is working on another important element of quantum security, the need to transmit quantum keys on networks. A quantum key, for the uninitiated, is a key transmitted over fiber, where each photon represents a bit. A laser generates one photon at a time, with vertical photon polarization representing a “0” and horizontal polarization representing a “1,” for example.
The problem, according to Quantum Xchange CEO John Prisco, has to do with distance. A quantum key will not survive the standard repeating process required to transmit data across large networks. “You can only send a key about 100 kilometers before it would have to be regenerated,” said Prisco. “For normal data, that’s no problem. However, regenerating a photon-based quantum key would destroy it.” This is based on the Heisenberg principle. Observing a photon changes its state.
The physics is a little over my head, but the issue is that photons become attenuated as they travel on fiber networks. The difficulty is that the process of preserving the key, in order to repeat it, changes its state. It won’t work anymore. To solve this problem, Quantum Xchange came up with trusted node approach. It’s based on a technology developed at Battelle Labs, which Quantum Xchange acquired from the lab.
“For normal data, that’s no problem. However, regenerating a photon-based quantum key would destroy it.” This is based on the Heisenberg principle. Observing a photon changes its state.
“We can re-encrypt a key that’s going 100 KM, and then send a composite key out over the next 100 KM,” Prisco explained. “We solve the distance limitation problem.” The company has a distribution agreement with ID Quantique for hardware. They are also working on adding their photonic quantum key generators to fiber links that use the company’s trusted nodes, starting in the New York area, to focus on financial industry users. In this use case, the customer does not have to change the way they transfer their data. They can keep their fiber and encryption service providers.
For a technology that doesn’t exist yet, quantum computing is certainly stimulating a lot of innovation and investment. But, like builders of skyscrapers in old New York, they see the future and they want to be prepared for what’s coming.