Post-Quantum Cryptography Should Be Part Of Your Security Strategy – Forbes

Photo caption: McClure, Manager, Quantum Engineering, IBM Research, on October 18, 2019 at IBM's research facility in Yorktown Heights, N.Y. (Photo by Misha Friedman/Getty Images)

The news that IBM has used a quantum computer to solve a problem that stumps the leading classical methods is another step on the road to what has become known as quantum advantage, where a quantum system solves a problem that cannot be solved by any amount of classical computation. For those of us in and around fintech, the one problem that we really want to solve is breaking public key cryptography so that we can forge digital signatures, get access to bank systems and, of course, steal a lot of Bitcoin.

This is important stuff. In the British government's new technology strategy, quantum computing is one of the priority technologies and it is easy to understand why. That point about solving problems beyond the reach of existing computers means that there is something of an arms race underway, with quantum supremacy as the goal.

It will take a while to get to the aforementioned quantum supremacy, where quantum computers can outgun the classical incumbents. But the IBM solution is already at 127 qubits (quantum bits). If quantum computers are put up against a classical supercomputer capable of up to a quintillion (10^18) floating-point operations per second, quantum supremacy could be reached with as few as 208 qubits. Quantum supremacy isn't science fiction.

Now, as is well known, one of the interesting problems that a quantum computer can solve is breaking the asymmetric cryptography at the heart of cryptocurrency in order to transfer money out of lost or abandoned wallets. If you look at Bitcoin, for example, the accountants Deloitte reckon that about four million Bitcoins will be vulnerable to such an attack. That means there are billions of dollars up for grabs in a quantum computing digital dumpster dive.

If we apply quantum computers to the problem of breaking the 256-bit elliptic curve encryption of keys in the Bitcoin network within the small available time frame in which it would actually pose a threat to do so, researchers calculate it would require 317 × 10^6 physical qubits to break the encryption within one hour using the surface code, with a code cycle time of 1 μs, a reaction time of 10 μs, and a physical gate error of 10^-3. To instead break the encryption within one day, it would require 13 × 10^6 physical qubits. So never mind quantum supremacy with a few hundred qubits: quantum computers would need millions of physical qubits to be a threat to Bitcoin.

OK, that's not going to happen tomorrow. Nevertheless, quantum computing will come. So is the sky falling in for the banks and the credit card companies and mobile operators and the military and everyone else who uses public key cryptography then? Well, no. They are not idiots with their heads in the sand and they are already planning to adopt a new generation of Quantum Resistant Cryptographic (QRC) algorithms to defend their data against the inevitable onslaught from quantum computers in unfriendly hands.

They have been looking towards the National Institute of Standards and Technology (NIST), which last year selected a set of algorithms designed to withstand such an onslaught after a six-year effort to devise encryption methods that could resist an attack from a future quantum computer that is more powerful than the comparatively limited machines available today. NIST has now released these algorithms as standards ready for use out in the wild.

(If you are interested in the details, the algorithms are:

CRYSTALS-Kyber, designed for general encryption purposes such as creating secure websites, is covered in FIPS 203;

CRYSTALS-Dilithium, designed to protect the digital signatures we use when signing documents remotely, is covered in FIPS 204;

SPHINCS+, also designed for digital signatures, is covered in FIPS 205;

FALCON, also designed for digital signatures, is slated to receive its own draft FIPS in 2024.)

These algorithms are important because, as noted, while there are no cryptography-breaking quantum computers around right now, they will come. As the quantum technology advances, there will be an inevitable competition between the quantum computers that can break cryptographic algorithms and the cryptography community's efforts to develop quantum-resistant algorithms. This means there will be a period where entities (e.g., Visa and the DoD, not just Bitcoin) will be transitioning to new cryptographic methods.

That period is now, by the way, which is why the US Cybersecurity and Infrastructure Security Agency (CISA) has just issued a note calling on critical infrastructure and other organizations to begin work now to create road maps for how they'll migrate to QRC.

(The cryptocurrency world should follow suit so that if and when quantum computers become a threat, then cryptocurrencies can be updated to use QRC. This would be a significant undertaking, but it's theoretically possible.)

Technology strategists in banks, fintechs and crypto know why these standard algorithms are being pushed out now, when any actual quantum computer is still some years away. The fact is that you can be at risk from quantum computers that do not yet exist because of what is known as the harvest now, decrypt later attack. It's the idea that your enemy could copy your data, which is encrypted, and hold onto it right now. They can't read it. But maybe when a quantum computer comes out in 10 years, then they can get access to your data.

If the information you're protecting is valuable enough, then you're already in trouble because of that threat and you need to start working on your road map soon.
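As an added example (not from the article, NIST or any named vendor), here is the defensive answer to harvest now, decrypt later for the "secure websites" use case listed under FIPS 203 above: a client and server derive a session key from X25519 combined with ML-KEM-768 (the standardised CRYSTALS-Kyber), so a recording captured today stays unreadable unless both components are broken. It assumes Go 1.24 or later for the standard-library crypto/mlkem package; the function names, the simplified hash combiner and its label are this example's own, not the TLS X25519MLKEM768 key schedule.

```go
package main

import (
	"crypto/ecdh"
	"crypto/mlkem"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// combine hashes both shares into one 32-byte session key, so reading it later
// needs a break of BOTH X25519 (quantum-vulnerable) and ML-KEM (quantum-resistant).
func combine(ecdhShare, kemShare []byte) []byte {
	h := sha256.New()
	h.Write([]byte("example-hybrid-x25519-mlkem768")) // domain-separation label (example's own)
	h.Write(ecdhShare)
	h.Write(kemShare)
	return h.Sum(nil)
}

// Encapsulate is the client side: it returns the session key plus the two wire
// values, the ephemeral X25519 public key and the ML-KEM-768 ciphertext.
func Encapsulate(srvECDH *ecdh.PublicKey, srvKEM *mlkem.EncapsulationKey768) (key, ephPub, ct []byte, err error) {
	eph, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil { return nil, nil, nil, err }
	ecdhShare, err := eph.ECDH(srvECDH)
	if err != nil { return nil, nil, nil, err }
	kemShare, ct := srvKEM.Encapsulate()
	return combine(ecdhShare, kemShare), eph.PublicKey().Bytes(), ct, nil
}

// Decapsulate is the server side. ML-KEM only errors on a malformed length; a
// tampered ciphertext silently yields a different key (implicit rejection).
func Decapsulate(srvECDH *ecdh.PrivateKey, srvKEM *mlkem.DecapsulationKey768, ephPub, ct []byte) ([]byte, error) {
	pub, err := ecdh.X25519().NewPublicKey(ephPub)
	if err != nil { return nil, err }
	ecdhShare, err := srvECDH.ECDH(pub)
	if err != nil { return nil, err }
	kemShare, err := srvKEM.Decapsulate(ct)
	if err != nil { return nil, err }
	return combine(ecdhShare, kemShare), nil
}

func main() {
	e, _ := ecdh.X25519().GenerateKey(rand.Reader) // server's long-lived keys
	k, _ := mlkem.GenerateKey768()
	key, eph, ct, _ := Encapsulate(e.PublicKey(), k.EncapsulationKey())
	got, _ := Decapsulate(e, k, eph, ct)
	fmt.Printf("agree=%v ciphertext=%d bytes\n", string(key) == string(got), len(ct))
}
```

The ML-KEM ciphertext is 1088 bytes against 32 for the X25519 share, which is the bandwidth cost a migration road map has to budget for.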

An internationally-recognised thought leader in digital identity and digital money; named one of the global top 15 favourite sources of business information by Wired magazine; ranked one of the top ten most influential voices in banking by Financial Brand; created one of the top 25 must-read financial IT blogs; and identified by PR Daily as one of the top ten Twitter accounts followed by innovators, alongside Bill Gates and Richard Branson.

View original post here:
Post-Quantum Cryptography Should Be Part Of Your Security Strategy - Forbes