Cryptic concerns – data security in a quantum age
Global risksArticleJuly 25, 2019
The power of quantum computing promises great opportunities for society. But its implications for security could threaten our digital lives. Businesses must prepare for the future now.
If one word captures the significance of quantum computing, it is ‘power’.
Quantum computers are exponentially more powerful than even the most advanced digital machines today. At the heart of this power are quantum bits, or ‘qubits’. While digital bits are binary –having a value of either ‘1’ or ‘0’ - qubits can exist in multiple states at once.
Quantum power presents great opportunities. IBM says it can lead to new breakthroughs in science, life-saving medical advances, and financial strategies to live well in retirement. Algorithms could even quickly direct emergency services such as ambulances. Little wonder that quantum computing has become a new front for both governments and businesses in the quest for competitive advantage. Both are spending billions on its advancement. As a result, what was until recently the stuff of science fiction will soon become reality.
Like the qubit, quantum computing does not have a single status for society – it is at once both an opportunity and a threat. One of the biggest threats concerns encryption.
Encryption provides the security and privacy for our online lives - from banking and homes to business and healthcare. It protects everything from sensitive personal data to state secrets. As the 2019 Global Risk Report put it, encryption forms the ‘scaffolding of digital life’.
But what is considered safe encryption today will soon be undermined by quantum computing. It has been estimated that it would take quantum power of 4,000 qubits to break today’s ‘strong’ encryption keys. Quantum computers are not there yet. Estimates suggest we may see this capability by 2023, and it will take longer for these machines to become reliable. However, weaker encryption algorithms will be threatened sooner, and the clock is clearly ticking on all of today’s methods.
Put simply, without quantum-safe cryptography and security, all information that is transmitted on public channels now – or in the future – is vulnerable to eavesdropping. Even encrypted data that is safe today can be stored for later decryption once a working quantum computer of sufficient capacity becomes available.
And, as tampered data would go undetected, the integrity and authenticity of transmitted information, would not be guaranteed. This violates business, ethical and legal requirements for data privacy and security.
The good news is that quantum-safe encryption algorithms are already being developed by companies including Google and Microsoft. But they are still in the theoretical and testing stages. The main challenge is retrofitting these new approaches into existing systems.
So what should be protected by these quantum-safe algorithms? The European Telecommunications Standards Institute suggests the following list of critical infrastructure:
- government and military communications
- financial and banking transactions
- confidentiality of medical data and healthcare records
- storage of personal data in the cloud
- access to confidential corporate networks
Quantum computing is an exciting development which promises a world of opportunities. To make it safe and sustainable, we must follow the example of the qubit. Our focus cannot be a case of power or security. It must simultaneously be both.
Risk management advice for businesses:
The race to quantum-safe security is on, but businesses cannot afford to watch from the sidelines. Those that rely on secure transmission of data, particularly those in the financial sector, should monitor the situation closely and start developing a plan to migrate to quantum safe algorithms when they are available.
Source: The Global Risks Report 2019, World Economic Forum – in partnership with Zurich Insurance Group