Post-quantum security: a future threat that needs addressing now

RSA cryptography sits at the heart of digital encryption. It’s used by web servers and browsers to secure traffic. It’s built into email protocols to ensure privacy. And it’s a critical component of online credit-card payments.

For decades the RSA algorithm (invented by Ron Rivest, Adi Shamir, and Len Adleman, and first publicly described in 1977) has been used to generate keys in public key infrastructure (PKI), so that sensitive digital data can be sent over insecure networks. The RSA cryptographic system works by creating two keys. Firstly, the RSA algorithm generates two random prime numbers: each number is 1024 bits in length, for 2048 bit encryption. These are then multiplied together. The answer to that problem is the public key, and the two random prime numbers become the private key. 

But experts believe that within the next 10 years RSA encryption could be broken by a quantum computer – with some saying this could happen as soon as 2027. And, “while the timing of threats posed by scalable quantum computers is still speculative,” according to Kazuhiro Gomi, CEO of NTT Research, “the need to prepare for this threat is real.”

The quantum threat

Until the quantum era, computer scientists maintained that it was impossible to factor numbers longer than 2048 bits, and solve the various formulas used in RSA encryption – it looked as though RSA might be the only encryption algorithm we’d ever need. There was a potential problem, though. The numbers generated for RSA aren’t really random. They are the product of mathematical formulae called ‘random number generators’ (RNGs). And scientists realised that the emerging field of quantum computing could do an exponentially better job of solving problems, thanks to them using quantum bits – qubits – instead of standard bits. 

Theoretically then, a quantum computer could crack RSA. And as recently as 2018, researchers believed that a quantum computer would need at least a billion qubits to break 2048-bit RSA encryption. “We estimated a trapped ion device would need a billion physical qubits to break RSA encryption, requiring a device with an area of 100-by-100 square metres,” said Mark Webber, a member of the Ion Quantum Technology group at the University of Sussex. 

However, in 2019 – the same year in which Google achieved ‘quantum supremacy’ with just 53 qubits – Craig Gidney and Martin Ekerå released a paper that revealed how a quantum computer could do the calculations required to decode 2048-bit RSA encryption in just eight hours, and using just 20 million qubits. 

“A [capable] quantum computer could jeopardise civilian and military communications as well as undermine supervisory and control systems for critical infrastructure”

Paul M Nakasone, USCYBERCOM

For governments and businesses tasked with protecting digital data, especially those in the telecommunications sector, the need for new quantum-resistant algorithms was clear. And in 2022 The White House responded, announcing that Joe Biden had signed a National Security Memorandum (NSM) – now referred to as NSM-10 – with the aim of maintaining US “leadership in quantum information sciences”, whilst also “mitigating the risks of quantum computing” to national security. 

“A [capable] quantum computer could jeopardise civilian and military communications as well as undermine supervisory and control systems for critical infrastructure,” says former general Paul M Nakasone, Commander, USCYBERCOM. “The number one defence against this quantum computing threat is to implement quantum-resistant cryptography on our most important systems.”

New standards are coming from NIST

As well as highlighting potential quantum threats, NSM-10 stipulated that the National Institute of Standards and Technology (NIST) and the Cybersecurity and Infrastructure Security Agency (CISA) would be the bodies tasked with ensuring the security of critical infrastructure and government systems. And in 2023 NIST announced the standardisation of four new quantum-resistant public-key cryptographic algorithms. 

“We’re really approaching a very important milestone for post-quantum cryptography, which is around the standardisation of the first NIST algorithms,” explains Lory Thorpe, senior strategy consultant, IBM Quantum. “And we see that as a really important milestone, but it’s actually really just the beginning. It’s really just the beginning when we think about how those algorithms are actually going to be implemented by enterprises and in the telecommunication world.”

Although NIST has taken the global lead on developing the new algorithm standards, there has been significant collaboration with other organisations around the world. “There seems to be a desire for an internationally collaborative development of standards for quantum security,” says Wenmiao Yu, co-founder and director of Business Development at Quantum Dice. 

Investment follows government intervention

Quantum Dice is one of a number of UK start-ups developing quantum-focused security products, and it has a singular focus on using quantum technology to provide “trusted and secure randomness”. According to Wenmiao Yu, the NSM-10 memo played a major part in putting post-quantum security in the spotlight for investors and security-focused sectors.

“Back in 2020 [when Quantum Dice launched] we had to do a lot of market education, whether to clients or investors,” Yu tells us. “But I think that has changed quite a lot in the past few years. It was helped a lot by the White House with the post-quantum security migration bill. That gave the push to companies looking at a quantum-safe road map. And then because the companies and the government agencies were motivated to do that, investment has also followed.”

Quantum Dice was originally based in Oxford, where its patented DISC protocol was developed, but when the decision was made to commercialise the business, the team moved to Bristol, where a number of quantum technology companies are currently based. 

“We met the managers at the Quantum Technology Enterprise Centre (QTEC) in Bristol, which was the UK’s only fully-funded, early-stage quantum technology incubator, specifically designed to help founders who have just left academia,” Yu says. “My fellow co-founder and I both secured the QTEC fellowships, which allowed us to then move to Bristol, start up the company in the incubator there. And that was great for introducing us to the right clients and also the right investors.”

Whilst situated within QTEC, Quantum Dice secured three institutional venture capital investors; two from the UK (Future Planet Capital and IP Group) and one from France (Elaia Partners). And the company is currently part of a UK-wide consortium, Assurance of Quantum Random Number Generators (AQURAND), set up to develop new standards for quantum random number generators (QRNGs). AQURAND is led by the National Physical Laboratory. AQURAND, and was set up with funding from Innovate UK.

Agreeing quantum standards

Elsewhere, the telecommunications industry has also identified the need for greater collaboration within its own sector, as well as with those that make up the wider technology ecosystem.

“We rely heavily on standards. We rely on standards to ensure that everything is interoperable, so that when you get off a plane, you can just turn on your phone and have everything magically work,” says IBM’s Lory Thorpe (IBM contributed to the development of three of NIST’s four chosen post-quantum algorithms). “But what that also means is that there is a big effort that sits behind that to ensure that there is alignment around what those standards need to be.”

This is where the GSMA PQTN (Post-Quantum Telco Network) Task Force comes in. The PQTN Task Force is a global industry association that represents the interests of telcos and telco operators. And it brings together the majority of operators, as well as other technology vendors. 

“The adoption of quantum-safe cryptography in telecom will affect all enterprises and consumers.”

Scott Crowder, IBM Quantum Adoption and Business Development

In February, the GSMA Task Force released its first set of Guidelines for Telecom Use Cases, which presents a “phased approach to migration” that enables key stakeholder groups, such as network operators, to prioritise and forward plan in a way that makes the shift to quantum safe cryptography as painless as possible.

“Given the accelerated advancements of quantum computing, data and systems secured with today’s encryption could become insecure in a matter of years,” says Scott Crowder, vice president of IBM Quantum Adoption and Business Development. “In a modern hybrid cloud world, communications services and compute technologies are interconnected and underpin all industries, which means the adoption of quantum-safe cryptography in telecom will affect all enterprises and consumers.”

Going beyond algorithms

With NIST’s expected release of more PQC standards in 2024, industries, governments, and others are already beginning to ramp up their migration planning efforts. 

“There’s concern that malicious actors are currently collecting ongoing communication data and could compromise security once scalable quantum computers become available [also known as Harvest Now, Decrypt Later],” says Gomi. “In this regard, it’s important to note that cryptography researchers are working on fortifying the security of advanced cryptographic methods, such as attribute-based encryption (ABE), for PQC readiness.”

But some are also concerned that NIST and the GSMA guidelines don’t go far enough, with a recent report from the Alliance for Telecommunications Industry Solutions (ATIS) claiming that – in the approaching quantum age – there must be an “absolute, verifiable certainty” that  cryptographic secret key generation produces genuinely random numbers; and that the only way to do this is with quantum technology.

“RSA is an algorithm that can be broken by a quantum computer, necessitating new cryptography standards,” explains Dr Florian Neukart, chief product officer at Terra Quantum. “The next step is implementing quantum-resistant algorithms and leveraging Quantum Key Distribution (QKD) for secure communication using photonic states to encode information.”

Concerns around the current state of algorithm-based standards were increased further recently, when a paper was released by a Chinese academic claiming to have solved lattice-based cryptography, which experts were hoping would provide the basis for a new set of quantum-safe algorithms. The story elicited concerns about the implications, but the paper was later debunked, despite much of the work holding up under scrutiny. And there is a growing belief amongst experts that a quantum problem requires a quantum solution.

“Ultimately, for truly random numbers, quantum technology is essential because it harnesses the inherent randomness of nature,” Neukart notes. “Despite the mistake in the recent, it highlighted the urgency and importance of developing and adopting robust quantum-resistant cryptography standards.”

Countdown to Y2Q

Unlike Y2K, where we knew exactly when the problem would hit, we have no idea when we will reach Y2Q – the point when a cryptographically-relevant quantum computer (CRQC) will render today’s encryption methods useless. It may be 10 years away. Or it could be much closer.

“In China, public investment in quantum technology is reported at 15.3 billion dollars, but actual spending is likely much higher,” Neukart explains. “This brings the timeline for a quantum computer capable of breaking current encryption much closer—perhaps within two to four years. We must act today to secure our communication infrastructure, not just at the corporate level but across the entire Internet. If sensitive data encrypted with today’s algorithms is stolen, it could be decrypted in a few years, so transitioning to quantum-safe solutions is critical now.”

“Bristol has a great quantum ecosystem”

Wenmiao Yu, Quantum Dice

Terra Quantum is currently the biggest quantum start-up in Europe based on company valuation, according to German business publication Handelsblatt and Pitchbook (€572m), securing more than €100m in funding thus far. Besides quantum computing, its security products and services use a combination of post-quantum cryptography, quantum random number generators (QRNGs), and QKD. Neukart emphasises the importance of focusing on practical applications of these powerful quantum technologies for businesses.

“We love talking about quantum physics, but we found that our industrial audience is more receptive when we focus on what our technology can actually do for them,” says Neukart. “Now, we prioritise explaining the practical benefits and use cases of our technology, demonstrating how it can solve real business challenges and enhance security.”

No one knows exactly when post-quantum security will be completely necessary. But thanks to the work of national governments (notably in the US and EU), and the bodies looking to establish new standards, investors are taking much more notice of quantum security. And Bristol has proved to be an excellent location for UK quantum companies looking to commercialise.

“Bristol has a great quantum ecosystem,” says Yu. “At almost every conference I attend I see alumni of the Quantum Technology Enterprise Centre. It’s definitely an active community.”

Today that ecosystem continues to evolve, through the work of the SETsquared programme, as well as the Quantum Technologies Innovation Centre. The role of these organisations is important in developing ideas and businesses, as Yu suggests.

“It was a great way to get more visibility with quantum-curious enterprise customers, whilst providing pitching opportunities to deep tech investors, who genuinely want to invest into quantum technology.”