IDC analysts predicted that quantum computing will bring competitive advantage to 25 percent of the Fortune Global 500 companies by 2023.
During that same timeframe, Gartner researchers expect 20 percent of organizations will budget for quantum computing projects ─ compared to less than one percent today. While quantum computing is not ready for prime time yet, that does not mean business and public sector leaders can shrug off the risks it poses to data security. That is because quantum communication is moving ahead faster than quantum computing.
“Quantum communication uses photons, which means companies can build a quantum communication network faster by using existing optic fibers,” said Laure Le Bars, research project director at SAP. “The quantum Internet could be up and running fairly quickly. This can prevent scenarios where an attacker is stealing data today and holding onto it until quantum computing is available. Consider communications between embassies in different countries or military units worldwide. Maybe this data surfaces a few years later, with the potential to cause considerable, unexpected damage with information that remains relevant. Organizations have a tremendous opportunity now to explore these new data protection protocols.”
Hackathon Takes on Quantum Challenge
People are worried about quantum computing because it promises to upend classical computer security standards. Theoretically, bad actors armed with quantum computers could intercept the sensitive, private data that businesses and consumers share and store every day, whether that data is encrypted or not.
Last fall, academic and industry researchers gathered at a hackathon, sponsored by the Quantum Internet Alliance (QIA), to explore enhancing the Open Secure Sockets Layer (OpenSSL) library, which implements protocols that underpin Internet security. The goal of the workshop was to test new encryption capabilities to help organizations be better prepared for both quantum communication and quantum computing.
Peter Limacher, quantum expert at SAP Security Research, was among the hundreds of participants at the two-day event, which consisted of groups working simultaneously in six European cities. QIA is funded by the European Union as part of the Horizon 2020 research and innovation program. As a QIA partner, SAP employees are researching ways to keep information secure in quantum communication networks.
“Our task was to hack into the OpenSSL library and augment the standard security protocols with quantum ones,” explained Limacher. “Having secure communication or a key exchange through a quantum communications channel is possible in theory. The challenge was integrating that into existing software. People just want to click a button. Using quantum key distribution (QKD), we explored a standardized way to connect qubits and cascade through different software layers to keep information on the quantum Internet secure.”
Quantum Keys May Be Key to Security
According to the laws of quantum mechanics, it would be impossible to eavesdrop undetected on conversations taking place across the quantum Internet. Criminals also would not be able to steal, copy, or otherwise distribute stolen information. The owners of that data would know in real time if security was compromised. This is where quantum communication comes in.
“Communication in classical networks can be overheard or intercepted without anyone knowing. That’s not the case with quantum communication. You’d know immediately that someone was listening to your conversation or trying to distribute your data,” Limacher said.
Address Quantum Risks on the Horizon Now
Clearly, organizations cannot adopt a wait-and-see attitude as quantum communication emerges. Experts recommend exploring steps now to protect sensitive data before these technologies are widespread. Wherever their data is ─ whether in transit, stored in the cloud, or on laptops and other devices ─ companies need to protect it with sufficient encryption measures.
“If you have chunks of data in different data centers, you could introduce QKD to safely exchange encryption keys in close to real time,” said Andrey Hoursanov, lead of quantum security at SAP. “That way, if someone intercepts information, multiple keys may be needed to intercept additionally, making it much harder to break into. It’s not 100 percent guaranteed, but it’s much better than anything else at this point.”
Quantum Moves Ahead on Parallel Tracks
Limacher and Hoursanov kicked off the year at the latest QIA workshop, where members delivered a ranked list of quantum communication protocols for priority development in actual business software applications. They agreed that the top-three protocols of importance to business with the advent of quantum communication would be QKD, quantum digital signature, and quantum money.
“These use cases are all related to securing business trust, something that’s critical as quantum technologies progress,” said Limacher. “Companies conducting numerous transactions with partners on a daily basis need certainty that signed documents and payments haven’t been modified.”
While quantum hardware may not be fully baked, Limacher said that SAP partners are heads-down, using simulator programs to eventually bring these protocols into software within quantum communication networks. In the meantime, his advice for companies was unequivocal.
“Organizations need to move ahead in parallel with quantum hardware development so software applications are ready when quantum communication networks go live,” he said.
Follow me @smgaler