Computer networks used on a daily basis for banking and the transfer of personal information may become insecure if new encryption methods are not developed soon, warn some of the world’s top cryptographers.
The cryptographers, who include leading experts in cybersecurity, quantum computing, and quantum technologies, gathered in Ottawa this week to discuss the issue of quantum-safe crypto technology.
A white paper released to coincide with the meeting states that “without quantum-safe encryption, everything that has been transmitted, or will ever be transmitted, over a network is vulnerable to eavesdropping and public disclosure.”
The aim of the meeting, which included government and industry leaders, was to develop a roadmap to ensure sound cybersecurity protocols in a world with quantum computers. It is expected that quantum computers will be available within a few years.
“If this problem is not fixed before large-scale quantum computers are available, then things just collapse. You have no way of securely communicating, which means you can’t securely update your computer,” says Michele Mosca.
Mosca is the deputy director at the Institute for Quantum Computing at the University of Waterloo, which hosted the meeting in partnership with the European Telecommunications Standards Institute.
Cryptography is used either to encrypt information that is sent between computers or to authenticate information. The problem is that present encryption methods—even those considered to be state of the art—are not designed to withstand quantum attacks that may emerge with the advent of large-scale quantum computing.
The result is that records or databases that have been used over the past 25 years, including military, financial, and identity information, could be at risk of being decrypted, according to researchers.
“For many applications, who cares, but for others this can have a serious consequence. If you did have confidential information, such as health information or information that could lead to identity theft and so on—that is at risk,” said Mosca.
Another issue raised in the paper is the concern that a security measure believed to be quantum-safe today may not be in the future. The researchers admit that the corrections needed are possible, but would require the involvement of everyone in the computer industry—from computer security professionals and academics to those who set the standards—and take years or even decades to complete.
Mosca notes that changing something this extensive given the level of connectivity seems impossible, but it is nevertheless needed and should be started now.
“We have never had such a complex and widely deployed information communication infrastructure before. It has grown astronomically and it is only going to increase. Changing something as fundamental as how we secure it isn’t going to happen very quickly,” he said.
“It is all preventable, but if we don’t actually do it, it would be catastrophic. The thing is, it takes many years of planning to deploy a quantum-safe alternative, and one of the key steps is, ultimately, standards,” Mosca adds.
“There is no more time to procrastinate.”
Kaven Baker-Voakes is a freelance reporter based in Ottawa.