With the 2048 bit keys used in public key encryption today, it would require a very large quantum computer with high fidelity qubits to process the Shor algorithm. Quantum computers of this size are not available today, but the technology is continuing to improve and estimates are that these will be available in around 10 years, although lesser quantum computers will surely be available before them.
For some, this settles it. The quantum computer threat – and hence the related opportunities – will not emerge for many years. While the consensus is that the entire digital industry will convert to post-quantum encryption (PQE) or quantum key distribution (QKD), over the next 10-20 years, the security risks posed by future quantum computers are small enough that it might seem that it is not possible to build a profitable quantum encryption business right now. IQT, however, begs to differ. As IQT sees it, there are at least two areas where data managers may be willing to pay to protect data even in advance of quantum computers strong enough to threaten data.
#1 Gold-plating Today’s Databases Against Tomorrow’s Quantum Incursion
While it is not possible to break current traffic, it is possible to intercept messages, store them for many years, and then decrypt the messages when a quantum computer is available. This is a costly strategy and not worthwhile for most encrypted traffic, there are a few situations where it may make commercial sense. These situations are defined by:
- Data value –the value that the decrypted data would have for an intruder
- Data shelf life – This is a measure of how long the data stays relevant.
For an encryption business today to make money from this situation today, it will have to target owners of data that is both highly valued and has a long data shelf life. In this context, one immediately thinks of military data. For example, the design plans for a new military weapon will often have both a very high shelf as well as a very high data value since these typically have lifetimes measured in decades and represent a large military advantage for the creator of the weapon. But the general principle extends to financial records and medical records, so the market for this type of encryption is larger than just governments. An audit by database owner often reveals data that will still be a secret 10-15 years from now.
#2 Protection Firmware for the Future
Protecting firmware in another market that our hypothetical encryption company can chase after right now. More and more devices and products are not only reliant on firmware, but also have the capability to download updates to the firmware to fix bugs, add features, and improve performance. Many of the devices that currently use firmware will not be around in five years – but others (machines, some vehicles, etc.) will be.
To protect against forged firmware updates from being installed, manufacturers are now using digital signatures to verify that any new firmware is valid and comes from the manufacturer. These are based upon current public key algorithms which are not quantum resistant. Although the digital signature will protect fraudulent firmware from being installed in the near term there may be the possibility that eventually a quantum computer will be available that will allow forging a seemingly valid digital signature and allowing a bad actor to install bad firmware into a device.
IQT believes therefore that it makes practical sense for designers of products that support firmware updates is to consider implementing some form of “quantum resistance.” This can be achieved by (1) implementing one of the post-quantum encryption algorithms that are now available, or (2) implementing a hybrid classical-quantum algorithm that first encrypts the data with a classical algorithm and then encrypts that with one of the post-quantum algorithms. The latter approach may be preferred who are concerned that the existing post-quantum algorithm are still relatively new and could have vulnerabilities that have not been uncovered yet.
A third possibility is to design a product that has crypto-agile hardware that can adapt to different algorithms. This would allow one to release the product using one of the classical algorithms initially and then eventually upgrade to one of the post-quantum algorithms once they have been proven out.
The Bottom Line
Although the threat from a quantum computer may still be a decade away, there are some products that may have a lifetime this long and will need to be quantum protected right now. While this is still a niche business, market entry now may enable bigger and better things as quantum computers become more menacing.
IQT will soon be publishing a deep-dive report on post-quantum encryption. Look out for details soon.