There is a lot of arguing, dissent and noise about whether quantum computing is here and now, or there and later. In my day job, I write a lot about successful breaches, including the first fake Banksy NFT, the T-Mobile breach and the recent Twitch attack. So, I wanted to take the time to approach the problem from a security perspective and how worried or not we should be about the imminent creation of quantum computers.
Before I start out, may I say: the advent of quantum computers is not a bad thing. While the main issue for myself and other cybersecurity geeks is that they can easily be used for decryption and data breaches, that’s the negative side, whereas the benefits will be myriad: advances in data analysis, cryptography, medical research and travel by plane, train and automobile.
But, since I’m the boring humbug who focuses on attacks, and any quantum computer could crack most coding from day one, let’s start there.
How soon is soon?
According to a 2016 article in The New Yorker, academic Michele Mosca, professor at the Institute for Quantum Computing at the University of Waterloo put the date at 2026 – and that was back when IBM only boasted five physical qubits – a mere five years later, it now has 100, and are predicting 1,000 by the end of 2023. For those not in the know, 1,000 is the ‘magic number’ for the creation of a stable quantum computer.
With the ramping up of logical qubits now at full force for most research projects, particularly with Google’s quantum computer, Sycamore (which runs on 54 physical qubits), the introduction of these logical qubits as an error reduction tool has meant a huge leap forward.
On the other side of the coin, you have processor innovators Intel, which has its very own quantum simulation lab, where it has been producing quantum processors for some years. In a 2018 interview with Scientific American, Intel’s director of quantum hardware, Jim Clarke, had this cautionary but positive take:
“The first transistor was introduced in 1947. The first integrated circuit followed in 1958. Intel’s first microprocessor—which had only about 2,500 transistors—didn’t arrive until 1971. Each of those milestones was more than a decade apart. People think quantum computers are just around the corner, but history shows these advances take time. If 10 years from now we have a quantum computer that has a few thousand qubits, that would certainly change the world in the same way the first microprocessor did. We and others have been saying it’s 10 years away. Some are saying it’s just three years away, and I would argue that they don’t understand how complex the technology is.”
Three years away from Clarke’s interview is this year, and his cautious prediction of a decade away is now only seven years from today.
So, are we there yet?
Forbes’ council member Gary Fowler had this to say in his recent Forbes article: “The reality is, the quantum revolution is already happening — it’s not a product of the future anymore. The question isn’t, ‘When will it impact our lives?’ but rather, ‘How will it change our lives?’ Studies have already predicted that quantum computing will become a multi-billion-dollar industry as early as 2030. And at this early stage, businesses can begin preparing for the onset of new technology.”
My not-so-hot take then? I think it’s safe to say that while the launch of a computer that changes the way we do day-to-day business is certainly not immediate, a test environment machine that could bring current encryption – be that of governments or private enterprises – to its knees is certainly nigh. And internal breaches in businesses and academia are often the source of hackers’ most substantial hauls.
Enter the new player: Arqit Quantum, Inc.
While repeatedly talking about a possible threat and then offering a magical solution to it is a defence industry tale as old as time, there is something to be said for educated guesses. And the truth is, most erudite sources believe that the imminence of these devices is ramping up.
In his incredibly detailed and persuasive self-published LinkedIn article, David Williams, co-founder and chairman of Arqit, says that the time is now for companies to act to protect themselves from the threat of quantum computing attacks.
Arqit’s platform-as-a-service offering is simple: “The world needs stronger, simpler encryption, and that is what Arqit has invented,” he explains. “A little like using a pathogen to create its antidote, we use some transformational quantum encryption techniques to create keys that are safe from quantum attack. These are one-time keys, created in the moment they are needed, in a trustless manner.”
The interesting thing is that these keys are useful against most of the types of attacks that are happening every day – so that means, with Arqit’s cloud-based symmetric encryption approach (called simply, QuantumCloud), you’re covered now, and when quantum computers finally land.
Lest you think this is an obsessive level of security, I found this article by Mark Jones, engineering manager at Thales, of interest. Dating back to spring 2017, Jones cautions those seeking prevention against the future threat of quantum computers to not view this protection as the only security measure needed. Hackers, he so rightly says, will continue using every other method available, and any new algorithms or keys, should provide multiply-strong protection.
Toggling back to Arqit’s Williams: “The pursuit of solutions to the major problems of quantum encryption means that in fact our technology solves major problems that are splashed across our headlines today, and we also have your back covered against the quantum threat, whenever it materialises.”
While you and I may not be entirely sold on the need today for quantum-savvy encryption, it seems like the right time for CISOs to start doing your research, building your business case, putting aside budget and having some honest talks with your fellow C-level colleagues.