Cryptography is an indispensable tool used to protect information in computing systems. It is used everywhere and by billions of people around the world every day. It is used to ‘protect data at rest and data in motion’.
An extraordinary amount of data is produced on a daily basis. Out of the 2.5 quintillion bytes created, stored and exchanged are private health records, online financial transactions and mountains of sensitive information. In the wrong hands, access and exposure of this information could leave individuals and organisations vulnerable.
So cryptographic systems are like universal mathematic padlocks that keep adversaries and outsiders out. Within cryptography, encryption focuses on the problem of how two parties can communicate in secret in the presence of an eavesdropper. Thus “encryption” basically is the process or algorithm created to make information hidden or secret. Today the most widely used encryption method is the RSA algorithm that is used in essentially every web connection over text message and email (99 per cent).
The bad news is that the foundations of modern cryptography at a grave risk of becoming obsolete and antiquated. The emergence of new forms technology and the arrival of more interconnected global networks like 5G means that the amount of data produced will continue to rise along with the threats to organisations over the next decade.
But perhaps most alarming of all is that the arrival of quantum computers could entirely undermine the functionality of modern day encryption methods like the RSA. Future quantum computers will have an insane capacity to sort and find prime numbers meaning that they could unscramble current algorithms very quickly. Access to a quantum computer would therefore provide the user with the ultimate master key, opening any mathematical padlock today.
This week Quantum Business spoke to Grégoire Ribordy the CEO of Swiss cybersecurity firm, ID Quantique (IDQ). Grégoire argues that within the next ten years, the quantum threat will become concrete. It is therefore absolutely imperative that industry leaders direct their organisations to transition to something quantum safe today.
“The challenge is that when quantum computing becomes powerful enough then quantum computing will be able to break classical code or public cryptography that is used today. That’s going to be a big problem because we’ll have to either upgrade to something else – a technology called quantum safe. Or we will lose all security, which is something we cannot afford as a society as we rely so much on information and IT that we need to be secure.”
ID Quantique is a world leader in quantum-safe crypto solutions, designed to keep data safe for the long-term future. The organisation provide solutions and services to the financial industry, enterprises, governments and organisations globally. At the end of last month they announced a partnership with the main telecom operators in Korea, SK Telecom for an investment deal worth $65 million.
Grégoire formed ID Quantique with two university professors back in 2001 and he has run the company as CEO ever since. “I am a physicist by training but I am not doing so much physics any more. I am working on the business aspects and strategic partnerships.”
Today, Grégoire claims that the organisation is active in two main areas. “One is quantum communications and the other is quantum sensing. These are two areas that are not directly connected to quantum computing but rather are based on similar technologies where there is similar interaction.”
“Quantum communication or quantum cryptography is about how to secure communications”
Analysing the Threats Today
“The field of cyber security is very complex with a very long list of threats. We are active in one particular area which is the security of encryption. Data is protected by encryption. In general data should always be encrypted but the best practices are not always applied.”
“The challenge is that when quantum computing becomes powerful enough and we see this threat in the medium term (10 years), then quantum computing will be able to break classical code or public cryptography that is used today. That’s going to be a big problem because we’ll have to upgrade to quantum safe technologies. Or we will lose all security, which is something we cannot afford as a society as we rely so much on information and IT that we need to be secure.”
“We see two things. There’s more and more understanding in the market of the threat quantum computing will pose when it becomes mature enough. We started in 2001 and initially we were preaching alone in the desert, now people understand what a quantum computer is and how it will have an impact on cyber security.”
Grégoire explains that another threat has emerged and that people understand that there is ‘a backward’ vulnerability. “If data has a long lifetime it could be recorded today in an encrypted format by an adversary, stored for a few years. And when a quantum computer becomes available, this sensitive information could be decrypted. If this data is valuable then it could impose a retro-active security risk.” Companies and governments therefore need to act now to protect their sensitive data.
Quantum Safe Networking Encryption
Quantum Safe Encryption is a solution ID Quantique provides to organisations today. Gregoire explained what makes this unique. “Traditionally people used mathematical codes to protect information and these codes are based on encryption keys and if you can try all the keys you can break the keys. That means that if you have enough computing power you can basically create a threat. Now our approach is different as it doesn’t rely on mathematics in terms of code but it relies on physics – on quantum physics. So we are doing communication of the encryption key at the quantum level.”
“At the quantum level there’s what’s known as the Heisenberg Uncertainty Principal which means that as you intercept information it can be perturbed and detected. You can essentially see if someone is listening in.”
“In practical terms what this means is that typically communications are done on optical fibres. Classical communication rely on bright pulses of light – millions of pulses of photons. And an adversary can intercept a few of these photons, get 100% of the information without perturbing the photons.”
“What we do is we work at the single photon level – so one bit of information is coded on a single particle of light, which is a quantum object which will be perturbed by interception.”
Main Industry Partners
Grégoire outlines the main enterprise customers partnering with ID Quantique today and what trends are emerging. “The three main industries we focus on today are ‘financial, government, and then Intellectual Property [IP] intensive industries. These are the main current markets. But what we expect in the next 6 – 12 months is to see more interest in telecommunication operators. We are doing work today with a couple of these today but we expect growth in this area to protect communications of customers’ data but also to protect the infrastructure of these telecom operators in the sense that they also use their network to send configuration information and this will also be secure. One of the trends that underlines all of this is 5G.”
KPN is a Dutch mobile telecommunications company that partnered with ID Quantique in the Spring of 2016 to implement a Quantum Key Distribution (QKD) trial. In 2012, they had to entirely rethink their cyber security strategy after a 17 year old hacker broke into the KPN network in January 2012.
“In the case of KPN what we did was to secure a communication link between two of their data centres. They wanted to learn about this technology. That is one of the challenges as when you say the word ‘Quantum’ it still sounds kind of magic. So sometimes one of the challenges we face is to convince people that you don’t need a PHD in quantum physics to operate our equipment – An IT engineer can configure and use our equipment. That’s the first partnership we did with KPN was to do a real word deployment so that they could learn about this. We are now looking at next steps.”
Rethink Your Cyber Security For the Quantum Era!
Gregoire outlined what organisation need to do to create a robust cyber security strategy for the quantum era. “Leaders need to do three things before they deploy a system. First of all they need to do a quantum risk assessment. Before deploying anything it’s very important for them to assess where they are most vulnerable. The questions should be where should I start and where should I wait? So the first thing they need to do is a risk assessment.
“The second thing to do is to start with a strategy early enough as there’s nothing worse than having to rush and upgrade. In fact this is the best way to get things wrong – go over budget and to get something that doesn’t work. Really you need to plan early enough so you can handle your strategy in a proper way. Leaders must be aware that this isn’t going to be an overnight fix. “It’s going to require a little bit of effort but if it’s planned ahead it can be managed.”
“The third thing is to allow for a seamless upgrade and build into systems crypto agility. “This is the ability to upgrade the cryptography part without having to throw away everything. That would be required and would be too bad to dismantle an entire system just because it isn’t quantum safe.”
“So once leaders consider these things they can go ahead with deployment. Ultimately, leaders need to be open-minded of new technological threads and have the ability to think ahead. The joke in the industry is to say that when people talk about the risks of quantum computing the first reaction is ‘I don’t care, I’ll be retired by then’. Leaders just can’t afford to think in this way and must be open minded to change.”
Grégoire Ribordy, is the CEO of ID Quantique
Welcome to Quantumbusiness.org. The first news portal dedicated to exploring the quantum computing revolution and its forthcoming impact on global industry. For more information on content creation and the opportunity to share your story with the world, please contact our lead editor Hal Briggs [firstname.lastname@example.org].
Article written by Hal Briggs from Quantum Business