Security in the Time of Quantum – How to Mitigate Risks and Gain a Competitive Edge?

Quantum technologies are advancing at a fast pace and the quantum race is picking up as governments and companies around the world get closer and closer to quantum computers. If fallen in the hand of offenders, some of these early machines can potentially turn into a cryptographically relevant quantum computer (QRQC) - a device that’s capable of attacking real world cryptographic systems. Companies that handle valuable data need to start preparing for the next generation of cyberthreats arising from quantum computing by upgrading encryptions well before an effective quantum computer is up and running.

Once the technology exists, it is only a question of time for it to be widely available also to those willing to abuse it. Whether it is foreign governments, criminal enterprises, or rogue hackers attacking encryptions to access sensitive data, quantum computers will exponentially grow their firepower making cyberattacks faster and more efficient and leaving entire societies vulnerable if preparations are overlooked.

Cryptography that is used in communications, certifications, and data protection today is all based on mathematical problems, that are nearly impossible to solve for classical computers, but will be easy to break with a quantum computer. So, as we prepare for the arrival of quantum computers, we need to start by looking for new quantum-resistant solutions for technologies that we already use and depend on today.

There is no clear timeline for when the first cryptographically relevant quantum computer will be in use. However, the development in recent years has been fast. According to the U.S. Department of Homeland Security, cryptographical relevance will not be achieved before 2030, but what happens after that is unsure. Especially the fast development of error correction indicates that being prepared by 2030 is a wise choice. An exponential increase in computing power will pose a risk to many industries from defence to healthcare and from critical infrastructures to autonomous systems.

“Data that is protected by classical cryptography can be stolen, stored, and used later, once quantum computers become capable of breaking through the cryptography. Because of this scenario we need to start working on quantum-safe cryptography now to minimise the chance of a potential risks,” explains Visa Vallivaara, senior scientist at the applied cryptography team at VTT and former guest researcher in the post-quantum cryptography standardisation team at the National Institute of Standards and Technology (NIST).

Mitigating risks early is important as the potential consequences of compromised information can have long-term implications for national security. More complex the systems, more planning is needed to allow for seamless and secure upgrades.

“The most urgent priority for companies is to explore what the emergence of quantum computing means to them, their operations, and their data. Those who start preparing early will avoid a situation where upgrades need to be done in a rush or once information may have already been compromised,” Vallivaara says.

Every organisation that uses and stores sensitive data should start working on a preparation plan that consists of quantum risk assessment and mapping of critical data. This includes:

• exploring which encryptions need to be upgraded
• which algorithms to use
• what hybrid solutions are available

Once this understanding exists, it is possible to start planning how to safely implement changes and upgrades. Preparing for the threat driven by misuse of quantum computing is not only a contingency plan, but a potential competitive edge. This is particularly relevant for military systems, which often have long life cycles meaning that many currently existing systems and devices are likely to be around to witness the arrival of the quantum era.

“Being able to tell your customer or partner that you can safeguard their data against quantum threats can set you apart from the competition. It will likely be rather sooner than later when governments and organisations will start demanding quantum-safe encryptions,” Vallivaara estimates.

VTT built Finland’s first quantum computers together with leading industry partners, but we also have decades of experience in technologies that come together to respond to the challenges arising from the misuse of quantum technology.

We have decades of experience in technologies that come together to prepare for the threat arising from the misuse of quantum technology:

• cybersecurity
• quantum components and subsystems
• communications technologies
• measuring and evaluation

With decades of expertise, we have the industry understanding to be a strategically relevant partner in analysing and tackling emerging security threats specific to industries like banking, healthcare and defence. We specialise in real-world applications – those that create solutions and value to companies already in the short- and medium-term.

Now we bring our range of expertise together to guide organisations through the challenges of data protection and post-quantum cryptography. We have the relevant facilities and procedures for the handling of classified information. We work with our customers and partners to find the most effective and secure options and to work through evaluation and implementation.

Want to learn more about the challenges the quantum revolution poses to cryptography and how you should prepare? Read our blog on the 7 steps to quantum secure cryptography.