We are all very familiar with binary computation – the way 99% of computers work today. 1’s and 0’s = on and off aka bits. A transistor (a microswitch) can have two states and we combine billions of these microswitches (transistors) on a chip, in a logical arrangement, to produce everything from basic math to 3D rendering to sound and video display. Modern processors perform millions and millions of instructions per second. Computational power increases year over year. Just “bookmark” that thought…
Today, what we know of the Internet is secured largely by public/private key encryption. The old “Bob and Alice” story. The story goes Bob and Alice have a public and private key. Bob can use Alice’s public key with some fancy math to scramble Alice’s message. Conventionally speaking, Alice would be the only person to be able to unscramble that message with her private key. Similarly, if Alice creates a message with her private (secret) key, that message can be decrypted by Bob (or anyone), if Bob has Alice’s public key. These two concepts are foundational to confidentiality and overall integrity of security on the internet. We can both scramble messages (or data) and we can be confident in the origin of the data (the later example). The way it actually works is a bit more complex, but this is the general gist. This is THE foundation for 99% of the security on the Internet today – banking, Email, document sharing, etc.
This is all well and good – as long as computers are “fast enough” to process impossibly complex algorithms with equally impossibly large numbers. This could include factoring prime numbers or, in the case of better algorithms, using confusion, diffusion, and substitution. As computational power evolves, so too do these algorithms. Again, this is foundational to a functional and secure Internet.
Now, enter quantum computing. Simplistically, in quantum computing, we use qubits or quantum bits. A qubit can be 0 or 1, or both 0 and 1. This means that unlike a traditional computer, a quantum computer can process a dramatically high number of 1 and 0 combinations at the same exact time. There are other advantages such as entanglement and superposition (not covered here, I’m not a physicist!).
Here’s the dilemma – quantum computing is so fast that it can dramatically, orders of magnitude, outperform the fastest of the fastest computers today. Quantum computing is so fast and can crunch so many “numbers” that it is possible to decrypt modern public/private symmetric and asymmetric key encryption that’s widely used and adopted on the Internet today. Put plainly, if we don’t evolve or modernize our strategies for securing data the Internet will break. We already see cases where “encrypted” data is being exfiltrated for later processing and decryption “when the time comes” (think nation-state actors). Some scholars use the word “stockpiling” to describe what’s going on.
This sounds very science fiction-y and, for a time, it was. However, today AWS and Azure already have quantum computing availability in their public cloud portfolio. In fact, there is a name given to this – “Q-day”. Q-day is the day when quantum computers will be able to “crack” the way that data is securely stored and transited on the Internet today. Some estimate this day to be as much as 30 years away, however, it is my opinion that that we’re 5 years away (or less) from this happening. There are many, many more questions than answers right now and the important part is to start having discussions. This is a topic that all CIOs should be following very, very closely now and in the coming years.
Hopefully, this was educational and overall informative. For further reading, this is a great article with visuals to explain more about Quantum Computing and the depth of this problem:
Additionally, NIST is publishing candidate algorithms for “quantum-computing resistant” data and information security (“Post-Quantum Cryptography or PQC): https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4.