Quantum computers exploit effects such as quantum superposition and quantum interference to perform computations that are out of reach for classical computers, attaining a speed advantage over classical computers for selected problems. What matters is that quantum computers may allow an exponential computing speedup for certain problems. The speedup may apply to tasks ranging from searching for an element in a database (with Grover's algorithm) to breaking currently used encryption (via Shor's algorithm).
In 2019 Google announced that it had reached quantum supremacy, claiming to have demonstrated a problem that a quantum algorithm solves faster than any supercomputer available in 2019. While in the foreseeable future this result has approximately zero consequences for cybersecurity or data protection, the topic is nonetheless interesting.
Quantum computing and data protection
Practical quantum computers would introduce a number of data protection risks.
"From the potential uses of quantum computing - simulation, optimisation, etc - Alibaba Cloud & Chinese Academy of Sciences' Platform page (cloud-accessible 12-qubit device) chose... application in surveillance to retrieve the target ID? https://t.co/v4UxjXelDF pic.twitter.com/7ElU4ef2oR" — Lukasz Olejnik (@lukOlejnik) October 29, 2019
Only one of these risks relates to breaking current cryptography (ciphers, digital signatures, etc.) and thereby undermining data security. I authored the recent document by the European Data Protection Supervisor devoted to this particular data-protection-risk angle of quantum computing.
Here I provide a few key and most useful excerpts from this document.
The risk of retrospective decryption
The document notes the risks of retrospective decryption:
With increasing computing power at decreasing costs, the retrospective decryption of data from the past becomes of use if the employed key lengths used at the time were sufficiently short. (...) Quantum computers though follow different laws and would allow retrospective decryption in many cases much earlier.
Some types of data need to be secure only for a short period of time. Others, like health data or national secrets, need to be confidential in the long-term. Retrospective decryption is a selective risk: it applies only to specific areas.
Unpredictability of the dangers posed by quantum computers is a risk
Why are we concerned by the risks of quantum computing? Because the consequences are difficult to predict:
According to current understanding, to execute useful algorithms of practical relevance there is a need to build a quantum computer with more qubits and smaller error rates than what is possible today. The creation of a large and usable quantum computer within the next ten years is highly unlikely, but difficult to predict. It is this unpredictability that eventually leads to risks.
There is no immediate threat from quantum computing. However, long-term planning must account for a potential risk, part of which arises from this relative unpredictability.
There are many ways in which organisations may prepare for the quantum risk. Some tout quantum cryptography, such as quantum key distribution over quantum networks, but post-quantum cryptography is better suited to the task because it works over existing technologies. Post-quantum cryptography rests on very different mathematical foundations from the encryption schemes in use today. Its mathematical operations are chosen so that currently known quantum algorithms cannot break them.
In July 2020 the NIST process of selecting ciphers and digital signature schemes for post-quantum cryptography progressed, and as a result a number of favoured schemes have been selected (Classic McEliece, based on 40-year-old code-based cryptography, CRYSTALS-KYBER, based on lattice-based cryptography, NTRU and SABER for encryption; CRYSTALS-DILITHIUM, FALCON and Rainbow for digital signatures).
Post-quantum risk assessment?
If an organisation chooses to prepare, migrate or adapt, this involves a specific kind of post-quantum risk assessment:
For this reason, some organisations may be interested in preparing appropriate risk assessment as well as contingency and migration plans. Such plans should always prioritise guaranteeing data security with respect to today’s non-quantum security. When transitioning to post-quantum systems, organisations should consider existing risks and the usual considerations during migration of data that would guarantee data security (i.e. reliability, availability) as well as confidentiality (e.g. when the data is re-encrypted with post-quantum cryptography).
Organisations will need to decide whether, and which, risks they face from the potential arrival of quantum computers. Such decisions won't be easy - they will need to be horizontal, spanning many technical questions, including those related to forecasting the development of complex technologies.
Those who feel the risk applies to them will be interested in making migration plans. In the general case it seems reasonable to defer the actual migration at least until the replacement technologies are standardised, so that all the associated risks are well understood.
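The retrospective-decryption risk described above is selective, and the post-quantum risk assessment the document calls for is essentially a triage of which data would still need to be secret once a quantum computer exists and whether the primitive protecting it would fall. The script below is an added illustration of such a triage over a data inventory; it is not code from the EDPS document or from this post. The asset records, the planning-horizon year, the minimum acceptable bit strength and the tables of which primitives Shor's and Grover's algorithms affect are assumptions chosen for the example.

```python
"""Retrospective-decryption triage for a data inventory (added example; constructed data)."""
from dataclasses import dataclass

# Assumption (not from the EDPS document): public-key primitives that Shor's algorithm would
# break outright, versus symmetric ciphers that Grover's algorithm only weakens to roughly
# half of their nominal bit strength.
SHOR_BROKEN = {"RSA-2048", "RSA-4096", "DH-3072", "ECDH-P256", "ECDSA-P256", "X25519"}
GROVER_EFFECTIVE_BITS = {"AES-128": 64, "AES-256": 128, "ChaCha20": 128}

# Assumed planning horizon: the document calls a usable quantum computer within ten years
# unlikely but unpredictable, so a conservative assessor plans for one existing after this year.
DEFAULT_HORIZON_YEAR = 2035
# Assumed minimum acceptable strength, in bits, after Grover's square-root speedup.
MIN_EFFECTIVE_BITS = 112


@dataclass
class Asset:
    name: str
    key_exchange: str        # primitive protecting the session key or key-wrapping key
    cipher: str              # bulk cipher applied to the data itself
    confidential_until: int  # last year in which the data must still be confidential


def assess(asset, horizon_year=DEFAULT_HORIZON_YEAR, min_bits=MIN_EFFECTIVE_BITS):
    """Classify one asset's exposure to retrospective decryption as 'high', 'medium' or 'low'.

    Ciphertext recorded today only matters if the data must still be secret after a quantum
    computer is assumed to exist, and if the primitive protecting it would actually fall.
    """
    if asset.confidential_until <= horizon_year:
        return "low", "confidentiality need ends before the assumed quantum horizon"
    if asset.key_exchange in SHOR_BROKEN:
        return "high", (f"{asset.key_exchange} is breakable by Shor's algorithm; "
                        "recorded traffic could be decrypted later")
    effective = GROVER_EFFECTIVE_BITS.get(asset.cipher)
    if effective is None:
        return "medium", f"unknown cipher {asset.cipher!r}; needs manual review"
    if effective < min_bits:
        return "medium", f"{asset.cipher} leaves ~{effective}-bit strength against Grover's algorithm"
    return "low", f"{asset.cipher} keeps ~{effective}-bit strength against Grover's algorithm"


def triage(assets, horizon_year=DEFAULT_HORIZON_YEAR):
    """Return (name, level, reason) tuples ordered by exposure, highest first."""
    order = {"high": 0, "medium": 1, "low": 2}
    results = [(a.name, *assess(a, horizon_year)) for a in assets]
    return sorted(results, key=lambda r: (order[r[1]], r[0]))


# Constructed inventory for illustration; none of these are real systems.
SAMPLE_INVENTORY = [
    Asset("web session logs", "X25519", "AES-128", confidential_until=2022),
    Asset("patient health records", "RSA-2048", "AES-256", confidential_until=2080),
    Asset("offline backups (pre-shared key)", "PSK", "AES-128", confidential_until=2050),
    Asset("classified archive (pre-shared key)", "PSK", "AES-256", confidential_until=2100),
]

if __name__ == "__main__":
    for name, level, reason in triage(SAMPLE_INVENTORY):
        print(f"{level:6} {name}: {reason}")
```

The horizon year is deliberately a parameter: rerunning the triage with a later horizon shows how much of the inventory stops being exposed, which is the kind of sensitivity an assessor wants to see before committing to a migration date.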
Lastly, why do I even consider or speak of these technologies? Aside from their being interesting, I happened to have worked in this business a while ago (one of my first research papers was actually in the field of quantum information/cryptography).
Did you like the assessment and analysis? Any questions, comments, complaints or offers for me? Feel free to reach out: firstname.lastname@example.org