Governments seek ways to avert quantum's encryption apocalypse
The U.S. is barreling toward a quantum computing future, but until it’s here, it's unknown if all the investments and time spent preparing the country’s cybersecurity will pay off.
The big picture: Experts have long feared quantum computing would allow foreign adversaries and hackers to crack the otherwise unbreakable encryption standards that protect most online data — leaving everything from online payment systems to government secrets vulnerable.
- Although a quantum computer isn't expected until 2030, at the earliest, updating current encryption standards will take just as long, creating a high-stakes race filled with unanswerable questions for national security and cybersecurity officials alike.
As scientists, academics and international policymakers attended the first-ever Quantum World Congress conference in Washington this week, alarmism around the future of secure data was undercut by foundational questions of what quantum computing will mean for the world.
- "We don't even know what we don't know about what quantum can do," said Michael Redding, chief technology officer at Quantropi, during a panel about cryptography at the Quantum World Congress.
Catch up quick: While classical computers rely on a binary of ones and zeros to run calculations, quantum computing harnesses the principles of quantum physics — which argues a particle can be in two places at once — to complete more complex calculations than a classical computer could ever do.
- Those calculations include cracking the equations that underpin the encryption standards that protect most online data today.
Threat level: Some governments are believed to have already started stealing enemies’ encrypted secrets now, so they can unlock them as soon as quantum computing is available.
- "It's the single-largest economic national-security issue we have ever faced as a Western society," said Denis Mandich, chief technology officer at Qrypt and a former U.S. intelligence official, at this week's conference. "We don't know what happens if they actually decrypt, operationalize and monetize all the data that they already have."
Between the lines: Whether the new post-quantum cybersecurity protocols governments and researchers are developing will be able to fend off quantum is tricky, if not impossible, to guarantee: It’s hard to prepare for a technology that still doesn’t exist.
- Current projects researching how to modernize encryption are based on insights into how adversaries have broken current encryption algorithms in past attacks and building on top of that.
The intrigue: That isn’t stopping the U.S. from investing even more resources into developing and protecting against quantum computing.
- President Joe Biden signed a national security memo in May ordering federal agencies to take inventory of all use cases for encryption in their systems. Congress has already poured at least $1.2 billion into quantum computing research and development.
- Cities and states are also stepping up: Chattanooga, Tennessee, on Wednesday became the first U.S. city to stand up a commercially available fiber optic network capable of handling quantum technologies.
Yes, but: A lot of post-quantum encryption research is happening in tandem with quantum development projects, so researchers have a more informed understanding of what they could be protecting against.
- "The way to do things efficiently is to do things in parallel and have the different components talking to each other and guiding each other," David Awschalom, director of the Chicago Quantum Exchange and senior scientist at the Argonne National Laboratory, tells Axios.
What’s next: All eyes are on the Commerce Department's National Institute of Standards and Technology as it prepares to release a second set of post-quantum encryption tools for security experts to test and analyze.
- Companies should also consider hiring quantum-specific security teams that can start modernizing their systems for a post-quantum world, Redding said.
Sign up for Axios’ cybersecurity newsletter Codebook here.