Quantum Computing’s ‘Time Bomb’ Threat to Cybersecurity
(FinancialTimes) IQT-NEWS has summarized the FT’s recent, extensive examination of the current debate in some quarters about the seriousness of quantum computing’s threat to cybersecurity.
The review begins with a historical explanation of the “Crypto Wars”, an unofficial name for the U.S. and allied governments’ attempts to limit the public’s and foreign nations’ access to cryptography strong enough to resist decryption by national intelligence agencies. After many years of fighting the ability to export secure encryption, US officials finally capitulated on restrictions in 2000, opening the door to a much larger share of the world being able to benefit from secure encryption protocols.
With quantum computing around the corner, however, some believe the power balance struck in the 2000s could be on the verge of breakdown due to the technology’s potential to break current encryption standards. This time, they say, the consequences could be far graver than anything in the past because of the scale of economic value and infrastructure that has been linked in the interim to secure encryption.
But others think the threat may be being overhyped by those who wish to profit from selling quantum security or by those who have an interest in getting institutions to migrate to platforms they control and can exploit.
Still, many have discreetly begun assembling teams to think hard about moving — if not already moving — their systems to quantum secure levels. Much of this activity is being done in the shadows because of the downside of accidentally signalling to would-be attackers how insecure one’s system currently is. Nobody wants to let the proverbial quantum security cat out of the bag since doing so would invite a perpetual arms-race between attackers and defenders.
In some quarters, an active debate is being had about whether quantum computing will ever be strong enough to break standard encryption protocols. The question is of particularly relevance to those active in the cryptocurrency sphere, since so much of the sector depends on secure cryptography to retain its value. Opinions, however, remain hugely divided.
Among those who see it as a big problem are the founders of Arqit, a British network security company that claims to have solved some key problems in the quantum security field. Arqit solves the cybersecurity problem by using satellites and using quantum key distribution (QKD) to distribute encrypted keys to terrestrial receivers. It also claims to have found a way to offer it as a service to mass-market telecoms providers, ensuring everyone’s personal computers and mobiles can benefit from QKD.
Arqit, however, is not the only venture to claim to have solved QKD using satellites. In 2016, China launched a quantum communications satellite known as Micius, that was also set to transmit encrypted keys from space. But Arqit’s CEO David Williams claims Arqit, which fetched a $1.4bn valuation on Nasdaq in early May via a merger with Spac, is far ahead of the Chinese effort. He says Micius unlike Arqit has not yet solved the “global versus trustless” conundrum, which allows for the quantum encryption to be distributed beyond its end point on the ground.
Such assurances, however, are unlikely to satisfy the eternally distrustful crypto community. One high-level cryptographer said it doesn’t mean the wider system is necessarily unhackable. If the attacker controls the endpoint in a QKD pair, they said, it is possible they could see the key being generated and that would then give them access. “That’s how governments will backdoor it,” they noted.