##### By James Myers

## The rapid growth in the power and potential of quantum computing has heightened awareness about the uncertainties of its security.

A new report from IBM highlights an urgent need to conquer what the company calls a “cryptography crisis,” with the warning that, “Quantum computing poses an existential risk to the classical computer encryption protocols that enable virtually all digital transactions.”

Cryptography is now a main security concern for a quantum-enabled world that will emerge in the near future. Cryptography is the digital coding that provides two or more parties the ability to exchange information privately. Existing cryptographic standards protect critical assets including money, public transportation and energy infrastructure, personal data, and industrial and national secrets – but these standards will no longer apply to information stored and transmitted by quantum computers.

The focus on cryptography as the frontier of quantum security is not surprising, given the increasing instances of criminal and state-sponsored hacking of existing computer networks. There are few among us who have not suffered a theft of credit card data, a breach of e-mail security, or continued phishing attempts. Even the largest organizations with immense security resources are not immune.

#### Cyber-criminals are now increasing attacks on critical infrastructure.

Recent examples of damaging ransomware extortions against a major energy pipeline and a hospital are only a few among the escalating number of cyber security incidents. The U.S. Government’s Cybersecurity and Infrastructure Security Agency (CISA) provides alarming statistics, showing that one in three American homes have computers infected with malicious software, and 47% of American adults have suffered the exposure of their personal information to cyber criminals.

**Time is the difference in the challenge of quantum cryptography **

The challenge to developing safe cryptography standards for quantum computing lies in the technology’s fundamental differences from today’s binary computing.

Binary, or “classical”, computers operate with signals in one of two possible states, either “on” or “off” (or “1” and “0”). Since only one state can exist at any time in our classical computers, there is a difference in time separating the probability of either state. Quantum computers, however, transmit signals that are in both states simultaneously, with no difference in the timing of “on” and “off” among entangled qubits. Quantum signals existing in two states at a single time are said to be in “superposition” in the qubit.

- The qubit is unlike the classical computer bit, whose output at any time contains no probability of variation to the observer – and is therefore fixed in time. At any time, the observer will register the bit’s output as either “0” or “1,” but not both and not anything between either of the two limits. The qubit, however, provides the observer the entire range of probabilities to register outputs between the mutually exclusive extremes of 0 and 1 – including the potential of all but one of the infinite fractions that lie between the equal extremes. Unlike the bit, the qubit’s output therefore changes depending on the time of observation. *

Existing cryptography is most widely based on prime number factoring, which in today’s classical computers can require a significant amount of time that will reduce exponentially with the speed and accuracy of quantum computers.

Prime number factoring is a mathematical process that uses the fundamental theorem of arithmetic to break a number into the product of two or more prime numbers. A prime number is divisible only by one and itself, and every number greater than one can be derived by multiplying two or more prime numbers. Although a number like 1200 is relatively quickly broken down into its prime factors 2, 3, and 5 (as in 1200 = 2^{4} ∙ 3^{1} ∙ 5^{2}), finding the prime factors of large numbers is a time-consuming task with today’s computers. Operating in a quantum computer, Shor’s algorithm uses polynomial time – the vastly decreased time scale that applies to quantum signals in superposition – to factor the prime basis of numbers far more quickly. Unless a method to factor prime numbers in polynomial time can be developed for classical computers, existing cryptographic methods will be rendered obsolete in the post-quantum era.

#### The architecture of the quantum computer’s circuitry also necessitates changes to cryptographic standards.

Unlike the linear bits of today’s computers, qubits are the spherical geometry in which quantum computer signals will transmit a vastly increased amount of data. This causes differences in connections of the quantum transmission circuitry that, combined with the major advantage of polynomial time, requires a new approach to cryptography.

Compounding the challenge is that the current practice of distributing security keys over the internet between trusted parties will no longer be possible, and a different method of quantum key distribution (QKD) will be required to decrypt transmissions.

Further, there is concern that the use of Grover’s algorithm in quantum searches could allow quantum computers to break 256- or 512-bit key cryptography used with binary computers. That’s because the algorithm uses the quantum computer’s vast speed to generate a massive number of iterations in locating, with high probability, the inputs of a particular function. Some have pointed to the resulting security issues with both present and past public key distribution in blockchain technology used to record cryptocurrency transactions, and are working to create a “quantum-resistant ledger” to protect ownership of assets and user confidence.

It is generally agreed that existing cryptographic standards will not apply to quantum computing, and what is now called “post-quantum cryptography” will be necessary. The problem is that global standards for post-quantum cryptography and QKD do not yet exist.

**“Quantum computing won’t be practical for a long time” – So what’s the urgency?**

While many observers predict the reality of practical quantum computing applications coming years or decades in the future, many others are preparing for the advent much sooner.

The Quantum Record recently reported on recent major advances in the quantum computing revolution, evidenced by significant investment in research and development by some of the world’s largest companies.

This January, an industry-wide scare erupted when a paper was released with a claim that the worldwide RSA-2048 encryption standard – on which the security of our online banking and other critical functions relies – could be broken by an algorithm with a minimum of 372 entangled qubits. As The Quantum Record has already reported, IBM plans to release a 433-qubit machine called Osprey in 2023. When the claim was made, quantum computing lead at Moody’s Analytics Sergio Gago observed, “The media has echoed the research and its implications that are mainly a huge reduction on the expected timelines” for post-quantum cryptography and quantum key distribution. Fortunately, as Gago reported, “Our team has evaluated the paper and its implications, as well as the existing literature and the conclusion is that the research is a bit misleading and there is no imminent threat due to the convergence complexities” of the algorithm.

#### Uncertainty and a default bias to the present can lead to complacency, but history demonstrates the wisdom of planning.

A powerful recent example is the Y2K problem and the potential disaster that was averted by international coordination of governments and industry to upgrade critical computing systems. The issue arose from a seemingly minor decision made early in the launch of the digital era, in which dates on data files were truncated to two digits for the year. In the approach to the year 2000, it was realized that critical date-sensitive sequences of functions could fail if algorithms interpreted the transition from the year 1999 as a time reversal of one century, to 1900. Vast amounts of money and time were invested in remediation efforts that proved successful.

In our technological world, changes occur quickly and often unpredictably.

If, for example, a breakthrough in materials science were to occur next month allowing for the operation of a quantum computer at room temperature without environmental shielding, the technology and its applications could accelerate beyond all predictions.

That time may not be too distant in the future. In January, a new method of controlling electrons that operate the logic gates in silicon-based quantum computers was unintentionally discovered, advancing the hope of “building billions of qubits on a single chip”. The discovery uses electric rather than magnetic fields to control the electrons, and silicon allows operation at higher temperatures. When the major cost barriers of supercooling and environmental protection are removed, it is very likely that human ingenuity will prevail to unleash the speed and accuracy of the technology.

If we think our predictions are generally reliable, then we have to look back only to 1995 to witness a famously-underrated prediction of today’s pervasive extent of the internet when Microsoft founder Bill Gates assumed that it wouldn’t replace radios and tape recorders. But how many more people do we see today with smartphones in their hands, rather than radios and tape recorders? The fraction of the latter to the former is insignificant.

#### The speed of its advances may make technology particularly prone to prediction error.

Other spectacular miscues in history include Intel CEO Andy Grove’s 1992 statement, “The idea of a personal communicator in every pocket is nothing more than a pipe-dream fueled by greed.”

Paul Krugman, winner of the 2008 Nobel Prize in Economics, predicted in 1998 that, “The internet will fade away because most people have nothing to say to each other. By 2005 it will be clear that the internet’s impact on the global economy has been no greater than the fax machine.” Marty Cooper, who invented the mobile phone, asserted in 1981 that “Mobile phones will absolutely never replace the wired phone.”

Clearly, things can turn out quite differently from initial assumptions.

### Significant security efforts already underway

Who is working to advance knowledge of quantum security? The answer is, fortunately, many private and public interests, including:

**NIST – **The U.S. Government’s National Institute of Standards and Technology is working with the support of industry and academics to develop a standard for post-quantum cryptography.

In the Economist Group’s recent panel discussion on “How to safeguard data with post-quantum cryptography algorithms,” Lily Chen, Manager of NIST’s Cryptographic Technology Group, spoke of the risk that quantum computing could spontaneously decrypt static data, and of the need to understand differences in existing computer application environments to develop a robust post-quantum standard. She also referred to the exceptional “mathematical diversity” in the range of candidates for a reliable quantum standard.

**Governments and agencies **– In November, the U.S. government announced a project to “prioritize the timely and equitable transition of cryptographic systems to quantum-resistant cryptography, with the goal of mitigating as much of the quantum risk as is feasible by 2035.”

The NIST is one of the principal agencies participating in the U.S. government effort, although there are concerns that fully functional quantum computing may arrive before the 2035 deadline. As one of the three missions in its National Quantum Strategy, the Canadian government aims to establish a “national secure quantum communications network and a post-quantum cryptography initiative.” Among the goals of the U.K.’s National Cyber Security Centre is “defending the digital infrastructure on which a sustainable world depends”, and in its 2022 annual report warns that “Quantum computing has the potential to radically change our society, and also to damage our security if it is in the hands of our adversaries at an early stage.”

The Banque de France recently announced a successful test of communication security using “post-quantum algorithms” to protect the national financial infrastructure. The Chinese government is making significant investments in quantum technology and in 2020 achieved satellite-based quantum key distribution, although it is unclear whether its technological developments will be shared with the rest of the world.

**International **– Although not specifically related to quantum computing, United Nations agency UNESCO released its Recommendation on the Ethics of Artificial Intelligence in November, 2021. The recommendation focusses on safe and sustainable standards that comply with international law and principles of human dignity and rights.

**Universities and non-profit initiatives **– The University of Waterloo’s Institute for Quantum Computing and its affiliation with the non-profit Quantum-Safe Canada recently received government funding to further research on standards for quantum security.

Speaking about the challenges of quantum encryption, Michele Mosca, a founder of the IQC, stated, “It is an existential threat, I don’t mean to be dramatic but that’s what it is.” He said 10 to 20 years would be required to develop solutions, train workers and prepare new standards. Groups like the Computer Security and Industrial Cryptography group at KU Leuven, a research university in Belgium, are engaged in testing emerging standards and recently cracked one potential solution in an hour as reported by The Quantum Insider. In July, researchers in an international collaboration including the University of Oxford published results of “a complete quantum key distribution protocol immune to the vulnerabilities and defects of physical devices that plague current quantum protocols.”

**Industry **– An industrial alliance has formed in Germany with participating companies aiming to promote “industrially usable solutions for quantum secure communication and cryptography through national value chains” and underlining the risk to “technological sovereignty” from inaction.

In the Economist Group’s recent panel discussion, industry representatives from IBM and Vodaphone** **spoke about the pressing need to create an inventory of hardware and software cryptography requirements currently in place. Without a comprehensive list of the vast cryptographic protocols and hardware already in use, there is significant concern that critical systems will be exposed when cryptography methods change. Once an inventory is established, they warned that the individual problems will have to be prioritized to ensure the most critical are addressed first. They also spoke about the time necessary to modify supply chains, so hardware and software necessary for the new post-quantum cryptography standards will be available when required.

**What are the other possible security concerns?**

Other quantum security concerns are emerging beside cryptography. Among them are protection of hardware, which currently must be shielded against any interference from electromagnetic or other environmental variables to ensure signal fidelity.

The potential for data theft and scrambling will be issues for quantum computing as they are for existing classical computing. Physical security for data storage and transmission will continue to be important, as will understanding the different points of vulnerability in the quantum ecosystem.

It is currently uncertain whether entangled pairs of qubits in any particular algorithm will require protection against unauthorized connections to qubits operating in different algorithms. This is due to the spherical geometry of the qubit that connects to the universe at the quantum level. The quantum is the smallest amount of energy in the universe that can cause change or be changed, and the problem with the quantum (or multiple, quanta) is that there is no difference from one to the other. Since any quantum is the same as any other quantum, how can we guarantee that the quanta operating in one algorithm will not interfere with the quanta operating in another – either by accident or by design?

The proposition of quantum interference may not be far-fetched. In October, Quanta Magazine reported that a lab in China succeeded in entangling three qubits simultaneously, whereas existing quantum processes operate in pairs of entangled qubits. While the potential to entangle more qubits could boost security in a widely-distributed platform such as the internet, without proper safeguards it could also provide an opportunity for undetected and unauthorized connection.

**Where do we go from here?**

Raising awareness among the general public and legislators of the issues surrounding quantum security is essential to build momentum for a solution. Although the subject can be highly technical, involving physics, mathematics, geometry, and information science, there are many capable communicators who are working to build knowledge and engage the public.

Public lectures, such as quantum physicist Shohini Ghose delivered at the Perimeter Institute in 2020, help to reduce the complexities and bring the issues into clearer focus. Productions like Yuval Boger’s The Superposition Guy’s Podcast help bring together scientists working on developing issues for quantum computing in a sharing of knowledge. Free publications like Quanta Magazine, which is supported by the Simons Foundation and hosts two podcasts (Susan Valot’s Quanta Podcast and Steven Strogatz’ Joy of Why podcast), bring topics specific to quantum computing as well as related discoveries in physics, mathematics, and information science, to the public in an engaging and clearly-explained manner.

#### History demonstrates that human potential and creativity can conquer many extremely complex problems in science, but also warns that the process of knowledge discovery can require large amounts of time.

Albert Einstein didn’t spontaneously uncover the secrets of special and then general relativity in the decade between 1905 and 1915. To theorize what has revolutionized our lives in just over a century, Einstein incorporated the discoveries of brilliant scientists like James Clark Maxwell (1831-1879), Hermann Minkowski (1864-1909), and Isaac Newton (1642-1727). Newton credited his own discoveries to the scientists who went before him; as he wrote, “if I have seen further, it is by standing on the shoulders of giants.”

If we approach the challenges of post-quantum cryptography with the same dedication and regard to knowledge as the giants of the past like Einstein, there is no reason to think that a quantum-secure future is beyond our reach.

The question remains, however, how much time do we have before quantum security becomes essential? Will our advances in quantum mechanics outpace our progress on the frontiers of cryptography? Operating as the universe does with the principle of uncertainty, we have no guarantees of obtaining the knowledge in the right order – but we can control our priorities and apply every effort to averting a “cryptography crisis”.