Yesterday, the FT broke the news that Goldman Sachs believe quantum computing is 5 years away from use in markets. However, while quantum computing holds immense potential for tasks like pricing derivatives, those in the cybersecurity space are calling for an abundance of caution. Without immense efforts to create encryption algorithms that can withstand the power of quantum computing, the basic security that governs every aspect of our modern infrastructure may be rendered useless overnight.
<p>Quantum computers will be a great asset to many use cases, but they also pose a grave danger to the world’s cybersecurity. Because quantum computing is a new computing paradigm (rather than the set of discrete 1/0 gates that governs traditional chip technology), it can have a great advantage over traditional computing for specific tasks. One of those is factoring large numbers into their primes, and another is solving the discrete logarithm problem on elliptic curves. This fact matters because the cryptographic algorithms used to encrypt data throughout our global digital infrastructure depend on the difficulty of one of these two mathematical problems.</p>
<p>The practical consequence is that the RSA and ECC encryption algorithms are both compromised once adequately powerful quantum computers become commercially available. At that point, the basic security that protects our financial systems, commerce, communication, transportation, manufacturing, supply chains, government, and all other aspects of digital life will cease to be effective. The exact date of such an occurrence is subject to much speculation, but on a long enough time horizon, this “Quantum Apocalypse,” as it’s sometimes called, is all but a sure thing.</p>
<p>To protect ourselves from the Quantum Apocalypse, our global PKI will need to migrate from existing RSA- and ECC-based functions to new cryptographic approaches that are more resilient to the specifics of quantum computing architecture while still meeting needs for speed, required computing power, security against traditional computing architecture, and versatility across the vast array of software, hardware, and use cases that will depend on them. A number of academic, industry, and government specialists are focused on arriving at good candidate algorithms that meet these requirements. Our systems will also require certificate agility to make such substitutions in our large-scale production environments without massive disruption.</p>