While quantum computing may bring revolutionary advances to societies, it is also a threat to our current networked infrastructure.
MI6 chief Moore warned: "Our adversaries are pouring money and ambition into mastering artificial intelligence, quantum computing and synthetic biology because they know that mastering these technologies will give them leverage."
He said that China, Russia and Iran are the most significant nation-state threats who could exploit technology to meet their aims. As an example he mentioned the SolarWinds cyberattack, which has been attributed to the Russian foreign intelligence.
But why is quantum computing so dangerous?
A quantum bit can assume all values between zero and one. It can thus act on countless levels simultaneously, and that fascinates physicists immensely. If they were able to connect hundreds of quantum bits together, a quantum computer would be created. It would be the nerd among computers: with special talents and incredible computing power.
Quantum computing will change information technology in ways we have never seen before. Past research has produced various quantum algorithms, namely Shor's algorithm, to efficiently solve various problems that previously had been considered too difficult to solve in a reasonable time.
As a consequence, the asymmetric cryptosystems in widespread use today (RSA, (EC)DSA, and (EC)DH) are based on variants of only two mathematical problems that, unfortunately, can be solved much faster by quantum computers: the integer factorization problem and the discrete logarithm problem.
The experts were shocked. Shor's algorithm threatened nothing less than the ultimate victory of code breakers over code tinkerers. Quantum computers will have the potential to break the most secure communications on the planet.
The race is on to create new ways to protect data and communications to combat the threat posed by large-scale universal quantum computers.
Developing and deploying post-quantum cryptography is quite urgent. Even though quantum computers capable of breaking the cryptosystems we use today might not become reality in short term, experience has shown that rolling out new cryptographic standards takes a lot of time. New algorithms have to be evaluated carefully, their security has to be proven by intensive cryptanalysis and efficient implementations have to be found.
For instance, even though Elliptic Curve Cryptography was first proposed in the late 1980s, it has only been adapted for mass usage a couple of years ago.
Deployment of post-quantum cryptography should happen as soon as possible - not only to be prepared when large scale universal quantum computers become a reality but also to protect the data currently encrypted with standard algorithms from being decrypted in the future.
As cryptography expert Lyubashevsky says:
"If you really have sensitive data, do it now, migrate yourself."
As quantum resistant algorithms are fairly new and their security has not been sufficiently proven, we cannot just replace our currently used cryptographic algorithms with quantum-proof algorithms. It might still happen that somebody comes up with an attack running on a conventional or a quantum computer that breaks the new algorithm we have chosen. Therefore, post-quantum and conventional algorithms have to be combined in a hybrid approach.
Many different companies have already started to experiment with post-quantum cryptography in their applications. We at Tutanota have started a project to use quantum-secure algorithms together with conventional algorithms for our encrypted emails and calendars. The prototype has already been published.
The world of encryption is changing more quickly than ever, and it has never been more important to stay ahead of the game.
We at Tutanota are doing everything in our power to make sure that encryption wins.