For some time now, there has been talk of the need to develop and implement post-quantum cryptography (PQC) to protect ourselves from the risks that quantum computing could pose to businesses and governments. But what exactly does this threat involve? And what is this remedy with such a futuristic name?

For those not yet familiar with the term, quantum computing is a set of scientific and engineering research fields spanning various disciplines, from the development of quantum hardware (quantum computers) to quantum algorithms (instructions that can only be executed on quantum computers).

Beyond what quantum computing is, what interests us here is knowing what can be done with quantum computers. Quantum computers allow certain operations to be carried out in a matter of minutes, hours or weeks, which would take millennia to complete using classical computers (even the most powerful supercomputers).

Optimisation and computational problems, etc., which currently pose insurmountable barriers to many scientific advances, will be able to be addressed (in fact, much can already be achieved with current quantum computers), opening the door to a significant leap in research capacity and the development of new technologies across many fields (materials, biotechnology, pharmaceuticals, logistics, etc.).

Why does quantum computing pose a threat?

To answer this question, we need to take a step back and consider how the digital world we live in actually works. More specifically, we should ask ourselves why the digital world is fundamentally trustworthy.

On the internet and in today’s digital services, communication security relies on a combination of symmetric cryptography and asymmetric cryptography.

Asymmetric cryptography, based on pairs of public and private keys, is not used to encrypt large volumes of data, but rather to authenticate identities, exchange keys and generate digital signatures. These functions enable infrastructures such as PKIs (Public Key Infrastructures), which underpin trust in the network.

It is everywhere, even if we are not aware of it: it is no exaggeration to say that asymmetric cryptography and the trust infrastructures that rely on it, such as PKIs, underpin the identity, authentication and trust upon which today’s digital world is built.

We use symmetric cryptography to encrypt our communications, emails, VPN technology, the data we store, etc., while we use asymmetric cryptography to authenticate services (to ensure we are talking to the person we intend to, that our bank is indeed our bank, etc.), distribute keys, etc.

In other words, companies use symmetric cryptography to encrypt their sensitive information, such as their R&D, strategy, etc. Thus, even if an intruder were to gain access to the server where the information is stored, they would not be able to understand anything contained therein.

Asymmetric encryption also underpins the technology behind digital certificates and electronic signatures: today, we can verify that a document originates from a specific person or organisation thanks to this technology. In fact, when our mobile phones or computers install software updates – often critical for security – the software manufacturer (e.g. Microsoft) signs the software package we are about to install, so that we all know its origin is legitimate and that it has not been tampered with. This validation process happens automatically, so we are not even aware of it.

The security and reliability we enjoy today are based on the fact that infrastructure associated with cryptographic technologies, such as PKI, has been rolled out universally (generally, the risks of data theft that occur do not stem from cryptography when it has been properly implemented, but from other factors, such as the human element or other software and hardware technologies).

The roll-out of PKI is not something that happened overnight: it has taken between 15 and 20 years. We are all at ease, because compromising the cryptographic protection of information secured using conventional computers takes a length of time that far exceeds the human time scale. Until now.

The promise of quantum computing is that, with new quantum computers, exposing encrypted information will be possible on a much shorter time scale, as we mentioned earlier.

So if a rival government or company wants to gain access to my R&D plans, confidential data on my products or services, designs, protocols, prototypes, customers, etc., and if it has a sufficiently powerful quantum computer, it will be able to access the information in time to exploit it – even if I have encrypted my data properly.

To do so, it would not even be necessary to access the systems directly: it would suffice to have previously intercepted encrypted information or cryptographic exchanges, to decrypt them later when technological capabilities allowed.

Intercept now and decrypt later

This is the mantra that has been circulating among the intelligence agencies of many states for some time now.

As many communications can be intercepted with relative ease, it is possible to store large amounts of data that are unintelligible today, waiting until the more or less distant future to access useful and relevant information.

With this strategy in mind, what we know is that the risk has already been triggered today, but has not yet materialised: in other words, information protected by classical cryptography that is vulnerable to quantum computers may be decrypted at a later date, but this decryption capability does not yet exist today.

How is this managed?

There is no need to panic; rather, as is always the case with security, we must manage the risk.

This is where we need to consider the tools at our disposal to manage this risk.

The solution lies in planning and progressively implementing the migration of our infrastructure from classical cryptography to post-quantum cryptography, which is resistant to quantum computers.

Implementable standards have already been published by the US National Institute of Standards and Technology (NIST), and we must recognise that this migration, as the roll-out of the PKI infrastructure taught us, cannot be done in a couple of days, but must be planned well in advance.

Recommendations from NIST itself and the UK’s National Cyber Security Centre (NCSC) suggest starting the transition now, with the aim of completing it by 2035.

As a business, we must bear in mind a series of basic recommendations to prioritise our actions in this regard:

1. Identify which information is most sensitive to you, and estimate its lifespan.
2. If this information does not need to remain confidential over the next few years, do not worry about it (provided you have already protected it using classical cryptography, of course). What timeframe should I consider? If we want to allow for a margin of error, based on the recommendations mentioned above, a period of five years seems a fairly conservative estimate.
3. If it has a long lifespan (typically R&D, strategy, designs, know-how, sensitive data from regulated sectors, etc.), and it is critical that you maintain its confidentiality in order to control it or avoid penalties, start moving it to post-quantum infrastructures: in other words, migration must begin immediately. Remember that the risk has already been triggered.

It should also be borne in mind that everything relating to authentication, signatures, certificates, etc. must be treated as a priority.

Where do we stand today?

By way of an epilogue, we can attempt to answer the question of who is leading the race for the quantum computer. And the following big question is also of great interest: When will this happen?

We don’t have the answer to the latter question, but the recommendations from the EU, NIST and NCSC give us an idea of the direction things are heading: it is not tomorrow; we are talking about a decade, if not more.

The answer to the question of who is winning the race is not straightforward. We must bear in mind that the quantum ecosystem is complex, comprising a conglomerate where public policy, universities, start-ups, large companies and investors intermingle, alongside various dimensions of technology, encompassing hardware, software, algorithms and materials.

As regards the ecosystem of funders and private enterprise, the US dominates due to its unique ability to transform science into products.

In terms of technical development, the US is undoubtedly a major player, but the data shows that Asia – comprising China, Japan and South Korea – is playing an increasingly significant role.

China dominates in terms of patents, investment and state-led roll-out, but the US still remains ahead, driven by its extremely strong private sector. However, Chinese state capital is more patient than private industrial capital, and this patience could prove key in this race…

Europe is highly significant in science, innovation and the creation of start-ups in the sector, but as in so many other areas, we lack the ability to scale up these advances effectively.

Written by: Eric Maciá. Head of Legal Consultancy in R&D at PONS IP.