How the industry expects to secure information in a quantum world

With all of the good a quantum computer promises, one of the side effects is that it will be able to break the mechanisms currently used to secure information. But the industry is onto it, and Australia's QuintessenceLabs is playing a key role.

Quantum computing is expected to revolutionise the world and Australia is well placed to be the first across the quantum finish line. But for all the good a quantum computer promises in areas such as medicine, it also allows for current security methods to be broken.

Speaking with ZDNet following his address at the ACS Canberra Conference last week, founder and CEO of Australian quantum cybersecurity firm QuintessenceLabs (QLabs) Vikram Sharma detailed the plan of the global security industry as it prepares for the reality of a quantum computer within the next decade.

"Because of the advances in quantum computation, they are going to put at risk many of the mechanisms we use to secure information today. But interestingly enough, quantum technologies can also provide some of the solutions to mitigating against this risk or meeting this challenge," he said.

The second quantum revolution is just starting to unfold, with Sharma pointing to the invention of the transistor in 1947 that was followed by the many appliances, devices, and instrumentations that leveraged it from the early 1950s.

What is different about the second revolution is that the first saw the passive leveraging of quantum effects that occurred in nature; while the characteristics of the second revolution is that quantum states that do not exist in nature can be actively engineered.

"By engineering new quantum states, or effects, there is a host of capabilities that are already unfolding and are going to bring about step change in many aspects of our lives over the coming decades," Sharma explained.

QLabs was formed in 2008 as a spin-off out of the physics department at the Australian National University (ANU) in Canberra, although QLabs' product suite was developed independent of ANU.

QLabs is focusing in particular on applications in cybersecurity and communications and scooping up funding from the Australian government to help it do that at a Defence-grade level.

Today, commercial exchange of information is protected primarily via public key infrastructure (PKI), with the security of PKI reliant on the computational complexity of certain mathematical operations.

Sharma said that essentially, the system is reliant on mathematical problems that are easy to do one way, but difficult to reverse in order to decrypt -- and that's what cybersecurity currently relies on. One such system used for PKI exchange is an RSA algorithm.

"The mathematics of the RSA key exchange will be broken once we have a quantum computer because it will be able to do the reverse calculation much faster than we can with conventional computers, even supercomputers," Sharma explained.

"That's where the threat arises ... when we look forward we need to recognise that certainly within the next decade, most people would contend, that we'd have a quantum computer available at a useful scale.

"That's the threat, but the challenge we're being faced is with all of the good things a quantum computer will do, one of the side effects is that it will be able to break the mechanism we use to secure electronic commerce and money through our commercial exchanges today."

According to Sharma and his peers, there are three broad approaches towards mitigating against the problem, with the first taking the mathematical problems used today that will be broken and replace them with more difficult mathematics.

"We hope that a quantum computer will not be able to break them," he said.

The National Institute of Standards and Technology (NIST) has been running a program to determine the next set of algorithms to protect data that will be quantum safe.

NIST in December selected over 90 candidates to help develop quantum resistant algorithms (QRA), suggesting that by 2022-23 the first QRA will make its way to a recommendation.

The US National Security Agency (NSA) has also been involved, asking organisations to move to large symmetric keys, rather than asymmetric keys that PKI uses.

"They should be what they termed high entropy, which is code for truly random," Sharma said of the second broad approach towards being quantum secure.

This is one of the plays that QLabs is working on.

The company in February announced developing a full-entropy quantum random number generator, by leveraging a "flaw" in diodes. The flaw, a property in diodes known as quantum tunnelling, is a phenomenon in which a particle travels across a barrier that -- according to classical mechanics -- it should not be able to cross.

See also: QuintessenceLabs getting truly random with quantum security

Essentially, QStream puts out a billion random numbers a second, supporting the NSA recommendation for high entropy symmetric keys, Sharma noted.

The third area is quantum key distribution, where instead of using mathematics to protect the transport of the key from one party to another, QLabs and others are using the principals of physics.

"If I send you a key which is encoded right at the quantum level -- in our case we do this by imprinting it on laser ... moving it on the frequency space -- and I do that hundreds of millions of times per second and I send it to you, if somebody tries to intercept that while it's in transit, because of the laws of quantum physics, their act of eavesdropping or interception will be revealed to you and I," he explained.

"We will then discard that key and we will only use a key when we've assured ourselves that there was no such interference, giving an absolutely secure way to transport the keys."

The three approaches have been widely agreed upon as the way to become quantum safe, with Sharma noting it will be a hybrid of the three which will likely form the basis of the cybersecurity systems of the future -- anywhere where sensitive information is being stored and transmitted.

"Where multiple layers of defence working in concert," he added.


QuintessenceLabs harnesses diode 'flaw' for new quantum number generator

Hijacking a flaw in diodes to harness quantum physics, Australia's QuintessenceLabs has built a full-entropy quantum random number generator with a 1Gbps output.

Australian security trio aim for unbreakable encrypted data environment

Vault, QuintessenceLabs, and Ziroh Labs have joined forces to build a system for strong encryption of user data for government.

Australia's ambitious plan to win the quantum race

Professor Michelle Simmons thinks Australia has what it takes to be the first to the finish line in the international quantum computing race.

How quantum computing could create unbreakable encryption and save the future of cybersecurity (TechRepublic)

Photon-based quantum encryption could help companies better defend against cyberthreats, and it's one step closer to reality thanks to research from Duke University.