The technology one-upmanship between the United States and China is fast becoming the new space race. There’s been a lot of talk in the press about the competition to reach 5G, but little traction outside of the tech community about something more momentous: the dangers of computing in a post-quantum world.
The recent news from Google about its quantum capabilities is exciting. However, the prospect of supercomputing on this level raises several concerns about data integrity and the overall security threat.
What Is the Quantum Tech Race?
Nearly 40 years ago, Scientific American published an article that declared it would take 40 quadrillion years to crack the then state-of-the-industry RSA-129 security protocol. That feat was accomplished within 20 years from the date of that article, which was published in 1977.
As recently as two years ago, Phys.org published a piece warning that quantum computing was posed to destroy Internet security as we knew it. That pronouncement may seem slightly hyperbolic, but it isn’t far from the situation we face.
The quantum tech race is a virtual contest for Internet supremacy that’s being waged mainly between China and the United States. This technology is based upon the same principles and mathematical equations that drive research into quantum physics. It’s expected to transition from the theoretical, experimental realm to become a fully formed, game-changing technology by the year 2025.
That’s just over five years from now, which can seem like a century in terms of tech advances. Consider where we were just five short years ago.
Post-Quantum Danger Zone
Computers that employ quantum technology have the capability to perform complex calculations and run equally complicated models that smash the current encryption standards due to the power of this technology alone. The prospect of this led the National Sar Initiative (NSI) to issue the following statement:”This move (the call for quantum-safe encryption algorithms) has been triggered in part by a statement by the NSA in 2015 that surprised the whole community: ‘for those partners and vendors that have not yet made the transition to Suite B elliptic curve algorithms, we recommend not making a significant expenditure to do so at this point but instead to prepare for the upcoming quantum-resistant algorithm transition.'”Both American tech researchers and their Chinese counterparts have declared that the future is coming sooner than we think.
There are some politicians, researchers, and members of the military who believe that China has gained an edge in the competition. However, as of October 2019, Google claimed that it had jumped ahead of China.
Last December, Congress passed the National Quantum Initiative Act, which is expected to disperse US$1.275 billion for quantum research over the next four years.
Those pronouncements may or may not be accurate, but the fact is that our current encryption technology is no match for quantum-powered supercomputers. The first commercially available quantum-based supercomputer is expected to be on the market by 2022.
Falling behind in quantum-based cybersecurity not only endangers financial and personal information stored on hard drives and in the cloud, but it also puts U.S. national security at risk.
“Quantum computers have the potential to disrupt current security protocols that protect global financial markets, render many of today’s sophisticated encryption systems inoperable, and upend secret government intelligence,” wrote Erica Orange & Jared Weiner, and Eshanthi Ranasinghe, in an article posted on Medium.
The U.S. and China aren’t the only players in this game. They’re just the biggest — and the ones that pose the potentially gravest threat to the others. The EU has unleashed $1.4 billion in quantum tech funding, and even e-commerce mega-platform Alibaba has built its own quantum computing research lab.
As it stands now, current cybersecurity solutions for consumers and businesses rely heavily on virtual private networks (VPNs), which use cryptography to create a secure tunnel between a user and the open Internet.
The rapid advent of a quantum computer is likely to threaten the security of communications and data. Secure-IC is deeply involved in renewing the security technologies prior to the quantum era to ensure a safe and sound transition. This is why so many renowned experts in the field are designing cryptographic technologies resistant to quantum attacks.
Does this mean cryptography-busting quantum computers are turning one of security’s most popular tools suddenly obsolete? If VPN technology doesn’t evolve to keep pace, that would be the expected result.
The good news is that efforts like the NIST Post-Quantum Project have forked the most effective encryption protocol on the market today, OpenVPN, and intend to have a quantum-resistant foundation for future VPNs to incorporate.
The better news is that some of the industry’s largest Web hosting companies have raised the bar higher, even though they have many more improvements ahead to compete with the “violent” upcoming technological advancements.
Global companies like HostGator already are moving in this direction, slowly but surely, by offering extra security features like the ability to add SiteLock monitoring to a site. This service runs daily, looking for potential site breaches or hacks, and lets you know instantly when either is found.
While the details might not yet be clear, expect the hosting industry to be ready to do its part to resist quantum hacking.
Further, cybersecurity industry leaders like ExpressVPN and NordVPN already offer OpenVPN among their protocols, and you can expect other providers to follow suit as the prospect of quantum technology reaching the market draws near.
Meeting the Challenges
The best way to fight fire is with fire, and so it is with quantum computing and cybersecurity. We’re facing some serious issues — but there are some encouraging proposals for effective solutions and countermeasures.
The main goal of cybersecurity is preventing breaches and preserving data integrity. Current cryptography relies on asymmetrical encryption that uses a system of public and private keys to grant database access. The public portion of the virtual “key” can be used by anyone to deposit information, but it can be accessed only by whoever holds the private key.
As of now, there are only four algorithms that quantum systems can solve that are unsolvable by conventional computer tech. The goal is to use technologies like blockchain, AI and machine learning to create uncrackable encryption standards that are going to become state-of-the-industry in the post-quantum world.
Researchers are trying to fix the problem by breaking a few things in a testing arena using the same basic concepts. For example, the Computer Security Resource Center (CSRC) is working on standardizing post-quantum cryptography protocols.
In August 2019, IBM submitted its own algorithm in answer to the National Institute of Standards and Technology call for such research. The algorithm, known as “CRYSTALS” (Cryptographic Suite for Algebraic Lattices) has succeeded at encrypting a magnetic tape drive-based storage system at its research facility.
The good news for researchers and enterprising tech entrepreneurs is that these algorithms are based on open source technology, which allows others to work on the problem and develop viable solutions ahead of the looming techpocalypse that’s been predicted.
Beneath the bravado among superpowers about the tech supremacy is the struggle among tech security professionals, like DevOps and DevSecOps, to keep pace. Advances in computing certainly are life-changing, but the push to see how fast — and how far — we can surge into cyberspace brings with it a parallel need for comparable levels of mastery in cybersecurity.
The fault doesn’t lie with security specialists, per se. Behind the scenes, they’re working hard to develop post-quantum cryptographic security solutions that include advances based on the same technology.
It’s a lengthy process.
There’s a lot of optimism within the industry, though. Cryptanalysts are confident that they’ll be ready to meet the challenge when quantum supercomputers become stable and powerful enough to break through current public-key encryption standards.