Michael Egan, Director of Quantum Technologies for KPMG Australia, explains why, when it comes to assessing cyber risk, long-term quantum preparedness should be high on the agenda.

With billions being spent on building quantum computers, the race is on to fully harness their capability. This is a race for a new industry and a race to build technological superiority at a national level.

More than 30 nations have published a quantum technology strategy. Each of them sees opportunities for using this new type of computation to tackle a wide variety of problems, from the discovery of new drugs and new chemistry to more efficient processes for managing energy generation or telecommunication networks.

However, many of these nations also recognise that the same computational capability may be able to break public key encryption. The public key cryptography in use today (RSA, Diffie-Hellman and the elliptic-curve schemes) relies on mathematical problems, integer factorisation and discrete logarithms, that would take more than a trillion years of classical compute time to solve at the key sizes in use. As quantum computers scale, in terms of more qubits and larger systems, we get closer to cryptographically relevant quantum computers (CRQCs), and the risk of encryption being broken in practice increases.

Harvest now, decrypt later

However, that is not the whole story. Some bad actors are capturing encrypted data now with the intention of decrypting it with a quantum computer in the future. So, wherever data needs to stay secure for many years, you have to consider whether a CRQC will be available within that timeframe. For financial information, for example, the common retention requirement is seven years; in other cases you may need to keep data secure for decades. Think of the design drawings of a nuclear submarine, the financial details of a 30-year mortgage, or your own health records.

Breaking public key encryption

But how likely is it that quantum computers could break encryption? Well, mathematically, it has already been done, 30 years ago. In 1994, at the 35th Annual Symposium on Foundations of Computer Science in Santa Fe, New Mexico, Peter Shor presented a quantum algorithm for factoring integers and computing discrete logarithms, which he later expanded in the paper Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer.

Although the quantum computers known to exist today are not large enough to run Shor’s algorithm against real public key sizes, many researchers are working on reducing the size of system required to do so. So, on the one hand there is a drive to build bigger and better machines, and on the other there is a drive to make the algorithms and error correction as efficient as possible. Together, these will shorten the time to a practical CRQC, which some expect within less than 10 years; with mitigation likely to take 3 to 5 years, there is a need to act on this now.

Building quantum resilience

In fact, very recently, in August 2024, after eight years of work, the National Institute of Standards and Technology (NIST) published Federal Information Processing Standards (FIPS) 203, 204 and 205, the first post-quantum cryptography (PQC) standards. FIPS 203 specifies ML-KEM, a key-encapsulation mechanism for establishing shared secret keys, and FIPS 204 and 205 specify ML-DSA and SLH-DSA, two digital signature schemes; all three are designed to resist attack by quantum computers.

This will not be a simple transition. Addressing quantum cyber risk and migrating to PQC will be a multi-year process involving interdisciplinary teams working across organisations, covering both software and hardware implementations. The hardware and procurement issues are a key driver of the projected transition costs and will be a significant budget item for every organisation seeking to be quantum resilient. This is because cryptography is not only software: it is built into hardware security modules, smart cards, network appliances and device firmware, much of which cannot simply be updated to new algorithms and larger keys and will have to be replaced.

The cost of quantum preparedness

In response to the Quantum Computing Cybersecurity Preparedness Act (“the Act”), 6 U.S.C. § 1526, the US Office of Management and Budget (OMB) prepared a report on PQC which projects that the total government-wide cost of migrating prioritised information systems to PQC between 2025 and 2035 will be approximately $7.1 billion at 2024 rates. This does not include National Security Systems (NSS). These costs are significant for nations and for companies that rely on secure communications using encryption, as we all do; whether that is for payments, emails or electronic signatures, the impact of this vulnerability will be far and wide.

Coordination and collaboration

Several industry organisations recognise that this issue needs immediate action and coordination to manage a multi-year transition, and have put out guidelines for action. In telecoms, the Global System for Mobile Communications Association (GSMA) has published Post Quantum Cryptography – Guidelines for Telecom Use, and in finance, the Monetary Authority of Singapore has written to the CEOs of all financial institutions with an advisory on addressing the cybersecurity risks associated with quantum computing. In Europe, the World Economic Forum and IBM believe that there is an opportunity for industry-specific frameworks and best practice guidelines for the broad adoption of PQC algorithms. The UK National Cyber Security Centre (NCSC) has stated that ‘for organisations that need to provide long-term cryptographic protection of very high-value data, the possibility of a CRQC in the future is a relevant threat now.’

To deal with quantum cyber risk, organisations need to start with some simple questions: what encryption are we using? Where are we using it? And what is the value of the data?

Taking action today

Most organisations don’t have a register or the systems to answer these questions. As a first step, building a cryptographic bill of materials (CBOM), an inventory of which algorithms and key sizes are used, where, and for what data, would be a great move towards understanding the scale of the issue. Then consideration can be given to plans for immediate management action, mitigation and transition to PQC, with an understanding of what to prioritise, which algorithms to choose and how to budget for the effort to secure tomorrow.
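The three questions above (what encryption, where, and how valuable and long-lived the data is), together with the timing argument made earlier (3 to 5 years to migrate against a CRQC that some expect within 10 years), can be turned into a small inventory-and-triage script. The following is an added example written for this article, not KPMG's, NIST's or any vendor's tool: the asset list is constructed sample data, the algorithm classification tables are deliberately simplified, and the exposure test is the widely used Mosca inequality (data shelf life plus migration time greater than time to CRQC), which the article describes in words but does not name.

```python
# Added example: a minimal cryptographic inventory (CBOM) with a
# harvest-now-decrypt-later triage. Illustrative code for this article;
# the assets below are constructed sample data, and the default timings
# are the article's figures (5-year migration, CRQC within 10 years).
import json
from dataclasses import dataclass
from typing import Dict, List

# Public-key families whose security rests on factoring or discrete logs.
# Shor's algorithm solves both, so a CRQC breaks every one of these.
SHOR_BROKEN = {"RSA", "DSA", "DH", "ECDH", "ECDSA", "EdDSA", "X25519"}
# The FIPS 203/204/205 families; a hybrid containing one of them counts as safe.
PQC = {"ML-KEM", "ML-DSA", "SLH-DSA"}
# Symmetric primitives: Grover's search gives at most a quadratic speed-up,
# so 256-bit keys keep a comfortable margin while 128-bit keys deserve review.
SYMMETRIC = {"AES", "ChaCha20"}


@dataclass(frozen=True)
class CryptoAsset:
    name: str              # system or data store (constructed sample names)
    algorithm: str         # family; hybrids joined with "+", e.g. "X25519+ML-KEM"
    parameter: int         # key size in bits, or the PQC parameter set (768, 65)
    usage: str             # "key-exchange", "encryption" or "signature"
    shelf_life_years: int  # how long the protected data must stay confidential


def classify(asset: CryptoAsset) -> str:
    """Map an asset to 'quantum-safe', 'quantum-vulnerable', 'reduced-margin' or 'unknown'."""
    families = set(asset.algorithm.split("+"))
    if families & PQC:
        return "quantum-safe"
    if families & SHOR_BROKEN:
        return "quantum-vulnerable"
    if families & SYMMETRIC:
        return "quantum-safe" if asset.parameter >= 256 else "reduced-margin"
    return "unknown"


def mosca_at_risk(shelf_life_years: int, migration_years: int, crqc_years: int) -> bool:
    """Mosca's inequality: exposed if shelf life + migration time > time to CRQC."""
    return shelf_life_years + migration_years > crqc_years


def assess(asset: CryptoAsset, migration_years: int = 5, crqc_years: int = 10) -> Dict[str, object]:
    """Decide what to do about one asset under the given timing assumptions."""
    cls = classify(asset)
    # Only confidentiality can be harvested today. A signature cannot be forged
    # retroactively, but long-lived signatures still need migrating before a CRQC.
    harvestable = asset.usage in ("key-exchange", "encryption")
    exposed = (cls == "quantum-vulnerable" and harvestable
               and mosca_at_risk(asset.shelf_life_years, migration_years, crqc_years))
    if exposed:
        action = "migrate now"
    elif cls == "quantum-vulnerable":
        action = "plan migration"
    elif cls == "reduced-margin":
        action = "review key size"
    elif cls == "quantum-safe":
        action = "no action"
    else:
        action = "identify algorithm"
    return {"name": asset.name, "classification": cls,
            "hndl_exposed": exposed, "action": action}


def build_cbom(assets: List[CryptoAsset], migration_years: int = 5,
               crqc_years: int = 10) -> List[Dict[str, object]]:
    """One JSON-serialisable record per asset: the inventory plus its assessment.
    The field layout is this example's own, not any published CBOM schema."""
    return [dict(algorithm=a.algorithm, parameter=a.parameter, usage=a.usage,
                 shelf_life_years=a.shelf_life_years,
                 **assess(a, migration_years, crqc_years)) for a in assets]


# Constructed sample inventory, echoing the article's examples.
SAMPLE_INVENTORY = [
    CryptoAsset("payments-gateway", "RSA", 2048, "key-exchange", 7),
    CryptoAsset("health-records-archive", "RSA", 3072, "encryption", 30),
    CryptoAsset("mortgage-e-signatures", "ECDSA", 256, "signature", 30),
    CryptoAsset("backup-tapes", "AES", 256, "encryption", 10),
    CryptoAsset("legacy-vpn", "AES", 128, "encryption", 3),
    CryptoAsset("site-to-site-vpn", "X25519+ML-KEM", 768, "key-exchange", 10),
    CryptoAsset("session-tokens", "ECDH", 256, "key-exchange", 1),
]

if __name__ == "__main__":
    print(json.dumps(build_cbom(SAMPLE_INVENTORY), indent=2))
```

Running it prints the inventory as JSON; the column worth reading is `action`, which separates assets whose data can be harvested today (long-lived confidential data behind RSA or ECDH) from those that merely need a migration plan (short-lived sessions, signatures). Tightening `crqc_years` or loosening `migration_years` moves assets between the two groups, which is exactly the prioritisation and budgeting conversation the article calls for.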

The good news is that large organisations such as Microsoft, Apple, Google, and Meta have already been working on their own plans. For example, Google has implemented the Module-Lattice-Based Key-Encapsulation Mechanism (ML-KEM, FIPS 203) in its cryptography library, BoringSSL, as a hybrid key agreement combined with the classical X25519 exchange; it ships in Chrome 131 in early November 2024 and administrators can control it through the PostQuantumKeyAgreementEnabled enterprise policy. This does not guarantee a solution to the issue because, as Google says, ‘devices that do not correctly implement TLS may malfunction when offered the new option. For example, they may disconnect in response to unrecognised options or the resulting larger messages. Such devices are not post-quantum-ready and will interfere with an enterprise's post-quantum transition.’

The transition to PQC at scale for organisations and nations will not be easy and will take a mix of systems and technologies. IBM and Infosec Global are building tools that give organisations a managerial and operational view of their cryptographic status and migration progress. So, wherever your area of interest lies, whether managing, budgeting for or mitigating this risk, if you haven’t already, it is time to get started.

About the author and quick links to references

Michael Egan has worked at the interface of technical innovation for more than 25 years. He has a background in high technology manufacturing and has worked in large and small organisations where technology leadership is critical to the business. Michael was instrumental in developing the IBM University of Melbourne relationship and secured Founding Member access to the IBM Quantum Network, pioneering quantum computing with direct cloud-based access to IBM Quantum systems, to explore potential applications of quantum computing.
