LONDON: Arqit, a little-known British firm, is quietly preparing businesses and governments for what it sees as the next major threat to their cyber defences: quantum computers.
Although it is still a very young field of study, some in the tech industry, including Google, Microsoft, and IBM, believe quantum computing will become a reality within the next decade. That could be concerning for organisations’ cyber security.
According to David Williams, co-founder and chairman of Arqit, quantum computers will be several million times faster than classical computers and will be capable of breaking into one of the most widely used cryptographic methods.
“The legacy encryption that we all use to keep our secrets safe is known as PKI,” or public-key infrastructure, according to Williams in an interview. “It was developed in the 1970s.”
“PKI was originally designed to secure two computers’ communications,” Williams added. “It wasn’t designed for a hyper-connected world with a billion devices communicating in a complex round of interactions.”
Customers of Arqit, which is planning to go public through a merger with a blank-check company, include BT, Sumitomo Corporation, the British government, and the European Space Agency. Some of its members previously worked for the United Kingdom’s intelligence agency, GCHQ. The company only recently emerged from “stealth mode,” a temporary state of secrecy, and its stock market debut couldn’t come at a better time.
A series of devastating ransomware attacks on organisations ranging from Colonial Pipeline, the largest fuel pipeline in the United States, to JBS, the world’s largest meatpacker, have occurred in the last month.
Meanwhile, Microsoft and several US government agencies were among those impacted by an attack on IT firm SolarWinds. President Joe Biden recently signed an executive order aimed at strengthening the United States’ cyber defences.
What exactly is quantum computing?
Quantum computing seeks to apply the principles of quantum physics to computers. Quantum physics is a branch of science that seeks to describe the world at the level of atoms and subatomic particles.
In contrast to today’s computers, which use ones and zeroes to store information, a quantum computer uses quantum bits, or qubits, which can consist of a combination of ones and zeroes at the same time, a phenomenon known in the field as superposition. These qubits can also be linked together by a process known as entanglement.
Simply put, quantum computers are far more powerful than current machines and can solve complex calculations much faster.
According to Kasper Rasmussen, associate professor of computer science at Oxford, quantum computers are designed to perform “certain very specific operations much faster than classical computers.”
That is not to say they will be able to complete all tasks. “This isn’t the case of saying, ‘Because it’s a quantum computer, it just runs whatever application you put on it much faster.’ That is not the intention, “Rasmussen explained.
According to experts, this could pose a problem for modern encryption standards.
“When you and I use PKI encryption, we’re doing halves of a difficult math problem called prime factorisation,” Williams explained. “You give me a number, and I figure out what the prime numbers are in order to calculate the new number. A traditional computer will not be able to break that, but a quantum computer will.”
Williams is confident that his company has discovered a solution. Instead of using public-key cryptography, Arqit uses satellites to distribute symmetric encryption keys — long, random numbers — a technique known as “quantum key distribution.” Virgin Orbit, which invested in Arqit as part of its SPAC transaction, intends to launch the satellites from Cornwall, England, by 2023.
What is the significance of this?
According to some experts, it will be some time before quantum computers arrive in a form that could pose a threat to existing cyber defences. Rasmussen believes they will not exist in any meaningful way for at least another ten years. But he’s not a slacker.
“If we accept that quantum computers will exist in ten years, anyone who has the foresight to record important conversations now may be able to decrypt them when quantum computers become available,” Rasmussen said.
“Public-key cryptography is literally everywhere in our digitised world, from your bank card to how you connect to the internet, to your car key, to IOT (internet of things) devices,” said Ali Kaafarani, CEO and founder of cybersecurity start-up PQShield.
The National Institute of Standards and Technology of the United States Commerce Department is looking to update its cryptography standards to include what is known as post-quantum cryptography, or algorithms that could be secure against a quantum computer attack.
Kaafarani anticipates that the NIST will decide on new standards by the end of 2021. But, he cautions: “The challenge, in my opinion, is not the quantum threat, but rather how to develop secure encryption methods. We figured it out.”
“The challenge now is figuring out how businesses should prepare for the transition to the new standards,” Kaafarani said. “Lessons from the past show that switching from one algorithm to another is too slow and takes years or decades.”
Williams believes that businesses must be prepared now, and that developing post-quantum algorithms that take public-key cryptography and make it “even more complex” is not the solution. He alluded to a NIST report that noted difficulties with post-quantum cryptographic solutions.