At a conference hosted by Inside Quantum Technology in Boston this month, Dr. Mark Jackson of Cambridge Quantum Computing announced that 99% of all online encryption will be vulnerable to quantum enabled hacking. Therefore, he said, post-quantum cryptography (PQC) is very important for civic, industrial and commercial Internet of Things (IoT) applications and for 5G networks.
Both Kiran Bhaghota of ProtectBox.com and John Prisco of Quantum Xchange described the further problem of bad actors large and small, including nation states, harvesting encrypted data now that can be stored cheaply in ‘locked box’ until they have a ‘sledgehammer’ of quantum technology strong enough to break it.
Michele Mosca of the Institute of Quantum Computing at the University of Waterloo in Ontario, Canada observed that major commercial cloud services, payment systems, IoT networks, the public internet and the military all have encrypted sensitive data that is vulnerable to being stolen today, stored on private hardware, and then accessed by well-financed adversaries about 10-20 years in the future.
Many of the cryptography experts at Waterloo developed their expertise while working for RIM, the makers of Blackberry. A decade ago, governments and industries worldwide favored Blackberry devices for handling sensitive data because they used strong public key encryption, whereas early smartphones did not. Law enforcement in various countries tried to persuade RIM to create “backdoor” access to data on Blackberrys in order to catch and prosecute criminals.
Doug Finke, an analyst for Inside Quantum Technology, speaking at its March 2019 conference, highlighted the need to upgrade 10-20 billion devices with quantum resistant encryption. He referenced the same looming “harvest now, decrypt later” phenomenon that threatens to expose sensitive data that remains valuable for 10 years or more, like the design of military weapons systems, social security numbers and personal health records.
Eventually quantum technology will allow any of its users to break very strong encryption that is not quantum resistant, including information stored on a blockchain. One defensive option is to use hybrid classical and quantum resistant encryption schemes that would at least force future hackers to break both of them to access protected data.