Organizations are preparing for cyberattacks from quantum computers

Amid the houses and parking lots is GCHQ, the Government Communications Headquarters, in this aerial photo taken on October 10, 2005.

David Goddard | fake images

LONDON – A little-known British company called Arqit is quietly preparing businesses and governments for what it sees as the next big threat to its cyber defenses: quantum computers.

It is still an incredibly young field of research, yet some in the tech industry, including Google, Microsoft, and IBM, believe that quantum computing will become a reality in the next decade. And that could be worrying news for organizations’ cyber security.

David Williams, co-founder and president of Arqit, says that quantum computers will be several million times faster than classical computers and could enter one of the most widely used cryptography methods.

“The legacy encryption that we all use to keep our secrets safe is called PKI,” or public key infrastructure, Williams told CNBC in an interview. “It was invented in the 70’s.”

“PKI was originally designed to secure the communications of two computers,” Williams added. “It was not designed for a hyper-connected world where there are a billion devices around the world communicating in a complex round of interactions.”

Arqit, which plans to go public through a merger with a blank check company, counts companies such as BT, Sumitomo Corporation, the British government and the European Space Agency as clients. Part of his team previously worked for GCHQ, the UK intelligence agency. The firm recently came out of “stealth mode,” a temporary state of secrecy, and its listing on the stock market couldn’t be more timely.

The past month has seen a series of devastating ransomware attacks against organizations, from Colonial Pipeline, the largest fuel pipeline in the US, to JBS, the world’s largest meat packer.

Meanwhile, Microsoft and several US government agencies were among those affected by an attack on IT company SolarWinds. President Joe Biden recently signed an executive order aimed at increasing America’s cyber defenses.

What is quantum computing?

Quantum computing aims to apply the principles of quantum physics, a body of science that seeks to describe the world at the level of atoms and subatomic particles, to computers.

While today’s computers use ones and zeros to store information, a quantum computer is based on quantum bits, or qubits, which can consist of a combination of ones and zeros simultaneously, something that is known in the field as superposition. These qubits can also be linked through a phenomenon called entanglement.

Simply put, it means that quantum computers are much more powerful than current machines and can solve complex calculations much faster.

Kasper Rasmussen, an associate professor of computer science at the University of Oxford, told CNBC that quantum computers are designed to perform “certain very specific operations much faster than classical computers.”

That does not mean that they can solve all the tasks. “This is not a case of: ‘This is a quantum computer, so it just runs whatever application you put there much faster.’ That’s not the idea, “Rasmussen said.

This could be a problem by modern encryption standards, according to experts.

“When you and I use PKI encryption, we do the halves of a difficult math problem: prime factorization,” Williams told CNBC. “You give me a number and I calculate what the prime numbers are to calculate the new number. A classical computer cannot break that, but a quantum computer will. “

Williams believes his company has found the solution. Rather than relying on public key cryptography, Arqit sends symmetric encryption keys (long random numbers) through satellites, something it calls “quantum key distribution.” Virgin Orbit, which invested in Arqit as part of its deal with SPAC, plans to launch the satellites from Cornwall, England, by 2023.

Why does that matter?

Some experts say it will be some time before quantum computers finally arrive in a way that could pose a threat to existing cyber defenses. Rasmussen doesn’t expect them to exist in any meaningful way for at least another 10 years. But it is not complacent.

“If we accept the fact that quantum computers will be around in 10 years, anyone with the foresight to record important conversations now might be in a position to decipher them when quantum computers emerge,” Rasmussen said.

“Public-key cryptography is literally everywhere in our digitized world, from your bank card, to the way you connect to the internet, your car key, and IOT (Internet of Things) devices,” Ali Kaafarani , CEO and founder of cybersecurity startup PQShield, told CNBC.

The US Department of Commerce’s National Institute of Standards and Technology is looking to update its standards on cryptography to include what is known as post-quantum cryptography, algorithms that could be secure against attack from a quantum computer.

Kaafarani expects NIST to decide on new standards by the end of 2021. But he cautions: “For me, the challenge is not the quantum threat and how we can build encryption methods that are secure. We solve it ”.

“The challenge now is how companies should prepare for the transition to the new standards,” said Kaafarani. “The lessons of the past show that it is too slow and takes years and decades to switch from one algorithm to another.”

Williams believes companies should be ready now, adding that forming post-quantum algorithms that take public-key cryptography and make it “even more complex” is not the solution. He alluded to a NIST report that pointed out challenges with post-quantum crypto solutions.

Add Comment