LONDON — A little-known U.K. company called Arqit is quietly preparing businesses and governments for what it sees as the next big threat to their cyber defenses: quantum computers.
It’s still an incredibly young field of research, however some in the tech industry — including the likes of Google, Microsoft and IBM — believe quantum computing will become a reality in the next decade. And that could be worrying news for organizations’ cyber security.
David Williams, co-founder and chairman of Arqit, says quantum computers will be several millions of times faster than classical computers, and would be able to break into one of the most widely-used methods of cryptography.
“The legacy encryption that we all use to keep our secrets safe is called PKI,” or public-key infrastructure, Williams told CNBC in an interview. “It was invented in the 70s.”
“PKI was originally designed to secure the communications of two computers,” Williams added. “It wasn’t designed for a hyper-connected world where there are a billion devices all over the world communicating in a complex round of interactions.”
Arqit, which is planning to go public via a merger with a blank-check company, counts the likes of BT, Sumitomo Corporation, the British government and the European Space Agency as customers. Some of its team previously worked for GCHQ, the U.K. intelligence agency. The firm only recently came out of “stealth mode” — a temporary state of secretness — and its stock market listing couldn’t be more timely.
The past month has seen a spate of devastating ransomware attacks on organizations from Colonial Pipeline, the largest fuel pipeline in the U.S., to JBS, the world’s largest meatpacker.
Microsoft and several U.S. government agencies, meanwhile, were among those affected by an attack on IT firm SolarWinds. President Joe Biden recently signed an executive order aimed at ramping up U.S. cyber defenses.
Quantum computing aims to apply the principles of quantum physics — a body of science that seeks to describe the world at the level of atoms and subatomic particles — to computers.
Whereas today’s computers use ones and zeroes to store information, a quantum computer relies on quantum bits, or qubits, which can consist of a combination of ones and zeroes simultaneously, something that’s known in the field as superposition. These qubits can also be linked together through a phenomenon called entanglement.
Put simply, it means quantum computers are far more powerful than today’s machines and are able to solve complex calculations much faster.
Kasper Rasmussen, associate professor of computer science at the University of Oxford, told CNBC that quantum computers are designed to do “certain very specific operations much faster than classical computers.”
That it is not to say they’ll be able to solve every task. “This is not a case of: ‘This is a quantum computer, so it just runs whatever application you put on there much faster.’ That’s not the idea,” Rasmussen said.
This could be a problem for modern encryption standards, according to experts.
“When you and I use PKI encryption, we do halves of a difficult math problem: prime factorisation,” Williams told CNBC. “You give me a number and I work out what are the prime numbers to work out the new number. A classic computer can’t break that but a quantum computer will.”
Williams believes his company has found the solution. Instead of relying on public-key cryptography, Arqit sends out symmetric encryption keys — long, random numbers — via satellites, something it calls “quantum key distribution.” Virgin Orbit, which invested in Arqit as part of its SPAC deal, plans to launch the satellites from Cornwall, England, by 2023.
Some experts say it will take some time before quantum computers finally arrive in a way that could pose a threat to existing cyber defenses. Rasmussen doesn’t expect them to exist in any meaningful way for at least another 10 years. But he’s not complacent.
“If we accept the fact that quantum computers will exist in 10 years, anyone with the foresight to record important conversations now might be in a position to decrypt them when quantum computers come about,” Rasmussen said.
“Public-key cryptography is literally everywhere in our digitized world, from your bank card, to the way you connect to the internet, to your car key, to IOT (internet of things) devices,” Ali Kaafarani, CEO and founder of cybersecurity start-up PQShield, told CNBC.
The U.S. Commerce Department’s National Institute of Standards and Technology is looking to update its standards on cryptography to include what’s known as post-quantum cryptography, algorithms that could be secure against an attack from a quantum computer.
Kaafarani expects NIST will decide on new standards by the end of 2021. But, he warns: “For me, the challenge is not the quantum threat and how can we build encryption methods that are secure. We solved that.”
“The challenge now is how businesses need to prepare for the transition to the new standards,” Kaafarani said. “Lessons from the past prove that it’s too slow and takes years and decades to switch from one algorithm to another.”
Williams thinks firms need to be ready now, adding that forming post-quantum algorithms that take public-key cryptography and make it “even more complex” are not the solution. He alluded to a report from NIST which noted challenges with post-quantum cryptographic solutions.