Quantum computing brings cybersecurity threats, how much time do we have

 

Recently, Global Risk Institutions, a Canadian risk management organization, and evolutionQ Inc., a quantum risk management service provider, jointly compiled and released the "Quantum Threat Timeline Report". This report reflects the views of nearly fifty experts in the field of quantum computing research, focusing on an estimate of the timeline for the threat quantum computers pose to cybersecurity. This article is an abbreviated version of the report.

 

 

 

Quantum computers use quantum systems to perform calculations beyond what standard computers ("classical" computers) can achieve.

 

Quantum computers exploit quantum properties, but these properties are very difficult to preserve/control. This makes building a quantum computer an extraordinary challenge: it requires contributions from experts in different fields, including physics, engineering, and computer science; and substantial investment from governments, established companies, and venture capital backing start-ups.

 

Despite the fact that key quantum properties are very fragile, no fundamental barriers have been found to the realizability of quantum computers. Instead, small prototypes capable of running rudimentary "quantum programs" have been built; in addition, "quantum ecosystems" are emerging that include academic institutions and private companies. The private sector includes both companies involved in specific quantum technologies, as well as "full stack" companies designed to handle what is needed to build and run quantum computers. This thriving ecosystem is currently supported by unprecedented investment in the field, demonstrating continued optimism about the potential of quantum technology and quantum computing.

 

 

 

A full-fledged quantum computer will be able to solve computational problems previously thought impossible by any reasonable means. This will jeopardize the current cybersecurity infrastructure: if these vulnerabilities are not mitigated, the potential consequences would be catastrophic. Among them, one of the most critical questions is to know as much as possible about when a cryptographically relevant quantum computer (CRQC) might be built.

 

Quantum threats to cybersecurity can be reduced by deploying new cryptographic tools, both traditional and quantum. Nonetheless, the transition to secure quantum cryptography presents its own challenges: it requires developing and deploying hardware and software solutions, establishing standards, migrating of legacy systems, and more. Given that sufficient time must be devoted to an orderly and safe transition to a "post-quantum" world, specific organizations initiating and completing the transition to quantum-secure cryptography for a particular network system can generally be estimated with three simple parameters:

 

1) Retention time: The number of years that the data must be protected by the network system.

2) Migration time: The number of years required to safely migrate the system to a quantum-safe solution.

3) and the key focus of this report: the threat timeline, the number of years before potentially threatening quantum decryption techniques can crack current vulnerable systems.

 

Figure 1 Quantum threat timeline (red). Whether networked systems may already be at risk before the quantum threat becomes concrete, as the required migration time (yellow) and the required (e.g., by regulation) data retention period (green) must also be considered.

 

This report sheds light on a timeline of the quantum threat by mining the opinions of international leaders in quantum computing.

 

 

 

It is generally acknowledged by experts that we cannot reliably predict the rate of progress towards a practical quantum computer, because building a quantum computer requires going beyond the currently known scientific and/or engineering limits. Despite this unavoidable uncertainty, this series of reports aims to provide insight on:

 

1) The possibility of quantum threats becoming a reality in the short, medium or long term.

2) The rate of progress being made in building cryptographically relevant quantum computers.

3) Milestones in quantum computing R&D that cyber risk managers should focus on.

 

For the first time in 2019, the report authors surveyed 22 thought leaders with unprecedented breadth and depth to provide insights for experts managing cyber risk, analyzing cyber risks associated with quantum cryptography; in 2020, they expanded respondents’ Scope: A total of 44 quantum experts were approached; in 2021, they again conducted an extensive survey of 47 participants from four continents, including experts in quantum computing from academia and industry. 

 

 

Figure 2 Number of experts surveyed by region. Respondents came from countries (such as Canada, China, Japan, and the United States) and geographic regions (such as Europe) that have been and continue to develop quantum information technologies.

 

In the questionnaire, experts were asked about their estimates of the timeline for the development of quantum computers, especially for quantum computers that are powerful enough to pose a threat to existing cybersecurity. The results suggest that the quantum threat will soon become non-negligible, and likely sooner and more concrete than many expected.

 

Figure 3 Responses to key questions from the 2022 survey. 46 of the 47 experts indicated that the quantum threat is becoming more specific.

 

Table 1 Expectations based on expert opinion. Some potential trends in quantum threats are summarized.

 

When comparing opinions expressed in 2019, 2020 and now in 2021, one general trend can be observed - higher likelihood.

 

According to experts, a range of probabilities for the emergence of cryptographically relevant quantum computers can be calculated, which experts estimate will have a substantial impact on progress in the short term. Experts say part of the optimism is the result of major technological advancements; another reason can be found in the "aggressive" roadmaps some big companies have laid out to achieve so-called fault-tolerant quantum computers. In addition, there is a lot of money and investment currently available to accelerate the development of quantum computers.

 

The experts involved in the survey, and the quantum field as a whole, made it clear that there is some danger in fueling these investment hype. Because, for example, failing to meet (unrealistic) expectations could trigger a “quantum winter”: a sudden drop in funding levels could lead to a vicious cycle of less investment ↔ less outcomes.

 

Figure 4 Evolution of experts' likelihood estimates. In the three graphs on the left: probability estimates based on optimistic or pessimistic interpretations of the likelihood intervals for survey responses in 2019, 2020, and 2021. Large graph on the right: juxtaposition and time frame comparison of such estimates. In each time frame considered, both the lower and upper bounds of the average likelihood estimates rose from survey to survey, with the only exception being the lower bound of the 5-year estimate. In the most recent survey, the 10- and 15-year increases were more significant. 

 

 

 

The successful development of quantum computers will be a game-changer for economies and societies in many ways, not just cryptography and digital infrastructure. For example, quantum computers are inherently suitable for simulating arbitrary quantum systems, which can be used to design new drugs and advanced materials. For this reason, many national and supranational entities (such as the European Union) consider quantum technologies, especially quantum computing, to be strategic and have started a "quantum race".

 

Experts point to which regions are currently leading, and North America appears to be the current recognized leader; and which regions are likely to be leaders in 5 years, a more complex question with more nuanced answers: for example, China will How to achieve rapid development.

 

Figure 5 shows the number of respondents who say that a region/entity has the potential to be a leader in the global race to build fault-tolerant quantum computers in five years.

 

The majority of respondents believe that the current level of global investment in the quantum field will remain stable or even increase over the next two years (Figure 6).

 

Figure 6 Expected changes in the level of investment in quantum computing over the next two years.

 

Another "race" has to do with physical architecture. A major challenge in building a quantum computer is the creation of reliable fundamental components -- (physical) qubits, many of which (millions) are required for any cryptographically relevant quantum computer, and are suitable for several proposed platforms. For any physical/technical implementation in general, it is extremely important to allow many (physical) qubits to be realized and manipulated: scalable while maintaining control and quality.

 

As with surveys over the past two years, experts say the most promising physical platform for enabling cryptographically relevant quantum computers is superconducting systems, followed by ion trap systems. Among other promising platforms, this year's findings point to renewed interest in the potential of optical quantum computing. More broadly, while there are some opinions on which platform is leading, no clear winner of this race has been identified, and it's possible that more than one platform will have a significant role to play.

 

Figure 7 Similar to previous years, the realization of superconducting systems, followed by the realization of ion traps, is considered to have some advantages over other physical realizations.

 

Many respondents emphasized "modularity" - a combination of stand-alone devices rather than a handful of large microcontrollers. It has also been suggested that it may be possible to leverage different physical platforms that might excel at different aspects of quantum computing, such as storing, manipulating and transmitting quantum information. On this basis, a hybrid system utilizing more than one physical platform may play an important role; on the other hand, hybrid systems have their own challenges: how to make different physical implementations work with each other effectively?

 

 

 

The main obstacle to being able to create and process many qubits is that neither the qubits themselves nor their manipulations can be perfect: Quantum itself is fragile, and physical errors cannot be completely eliminated. However, multiple imperfect physical qubits can be error-corrected to encode more reliable logical qubits.

 

An important step forward will be experimental error-correction schemes proving that logical qubits are more reliable than fundamental physical qubits. To do this, the fundamental physics qubits must be well prepared, manipulated and measured.

 

Significant results around error correction and fault tolerance have been achieved in some architectures, but not all features of error correction have been demonstrated at one time, nor have feasible scalability issues been fully addressed (implementing and processing multiple within the same architecture with reasonable resources) logical qubit). Advances in hardware and error-correction schemes have led experts to believe that demonstrating one or more logical qubits can outperform the underlying physical qubits in both computation and error-correction for storing and manipulating quantum information.

 

Figure 8 Quantum information is fragile and its manipulation is imperfect. Still, experts generally agree that we will soon see the implementation of logic qubits that use error correction to counteract these problems. Most importantly, this seems possible even taking into account the scalability requirements of the encoding scheme: namely, that more and more logical qubits can be implemented and processed with a controllable increase in resources and operational complexity.

 

On the other hand, some experts also say that the concept of a scalable single logical qubit is not necessarily a well-defined or reasonable milestone. Reasons include: an implementation focused on a single logical qubit may be less of a reflection of the intent of quantum computing implementations; and the fact that scalability claims are relatively vain until scale is actually achieved.

 

But it is currently expected that the realization of one or more (scalable) logic qubits in the future will receive high attention from society and will also be an important milestone in quantum computing research and development.

 

 

 

Quantum computers are seen as the "holy grail" of quantum technology, but also a major threat to cybersecurity.

 

Building a quantum computer requires advances in science and engineering, several years to develop and implement, and a focus of effort and resources. The quest for a quantum computer is often described as a "quantum race," a competition at the national and private company level. This competition, which has heated up considerably in recent years, has also been described as a marathon because of the relatively long-term research and investment required. However, there could be sudden accelerations, which could come in the form of scientific or engineering breakthroughs. In the future, expect improvements in hardware implementations and new error correction and fault tolerance schemes, that is, from schemes aimed at overcoming quantum fragility.

 

In the 2021 report, 46 experts estimated the possibility of realizing a quantum computer — one that could break encryption systems like RSA-2048. While most experts (25/46) judged the probability of developing such a quantum computer within the next 5 years to be very small (<1%), several experts (21/46) said the possibility cannot be ignored. Notably, only 24/46 judged the odds within 10 years to be "<1%" or "<5%" as small.

 

The risk aversion/appetite of companies and institutions can vary widely, but for critical systems this possibility already represents a serious concern. While it will take more than 30 years to quantum crack RSA-2048, and it will be up to each institution, company and manager to decide what risk they are prepared to accept, the Global Risk Institute (GRI) believes that cyber risk managers are naturally more concerned about quantum threats Opportunities that appear early/earlier than expected, not never.

 

The likelihood experts assign to a quantum threat changes from year to year, as factors such as recent results in the field, changes in investment levels, etc. all affect the actual threat timeline and how experts perceive it. Comparing the 2021 opinion with the findings of surveys conducted in 2019 and 2020, experts insist that the quantum threat will become more concrete in the medium to long term.

 

One respondent wrote: "The importance of migrating to post-quantum secure cryptography must be emphasized, especially given the roadmap proposed by industry. This is very important in applications seeking long-term secrecy." In a similar spirit , John Martinis, a pioneer of superconducting circuits who led the first demonstration of "quantum supremacy", proposed a corresponding timeline for cautious action based on the rate of progress he saw: "Quantum-secure encryption needs to be developed and deployed over the next five years to ensure Reasonably secure; it's better to develop and deploy now."

 

The Global Risk Institute and evolutionQ have provided a quantum risk assessment methodology for estimating the timeline of threats and assessing the overall urgency of taking action. GRI and evolutionQ will provide an update on this survey in about a year. The evolving opinions of experts and any changes to the expected timeline of cybersecurity from quantum threats will be further tracked.

 

Original report (including full version):

https://globalriskinstitute.org/publications/2021-quantum-threat-timeline-report/