The choices made today by public safety and security organizations with regard to the quantum internet will determine our future security. With the advent of new advanced computers cracking today’s encryption with ease, we must act now and draft the laws and regulations of tomorrow.
Governments beware: the second quantum revolution is unfolding. Where the first quantum revolution laid the foundation for modern science, we will soon see science being translated into practical applications to solve the world’s most complex problems. These problems now require literally millions of years of computing time on the world’s strongest (classical) supercomputers. It is clear that, in various industries, quantum technology will have a disruptive effect.
Like ordinary computers, quantum computers will also be connected to each other through a ‘quantum internet’. Currently, the internet provides the global connection between classical computers and is an indispensable part of today’s society. Along with the early rise of the internet, concerns about (online) safety grew in tandem. From internet banking to the storage of personal data, cybersecurity became woven into the internet. Deducing from how the internet evolved from ARPANET to TCP/IP stacks, we will likely see a similar situation with the quantum internet.
The security of the quantum internet
There are two areas of concern with regard to the security of the quantum internet. On the one hand, the quantum internet brings the possibility of (and the need for) answering emerging challenges in the cybersecurity domain. At a time where digital processes are a cornerstone of every organization, we rely heavily on proper cybersecurity measures and up-to-date encryption. Fast changing, and increasingly complex cybersecurity poses the risk that governments, businesses, and individuals will not be able to keep up with the latest security measures to ensure safety of their data. Alarmingly, this means we run the risk of critical systems being easy to break into.
At the same time, the advent of unprecedented quantum computing power threatens to break critical encryption. There could be disastrous consequences should quantum computers fall into the hands of malevolent groups or individuals. Hostile nations or terrorist organizations could use this computing technique to uncover state secrets, steal intellectual property, or disrupt financial markets. It is therefore crucial to mitigate the risks of quantum computers and prevent malicious parties from gaining access to certain parts of the quantum internet.
Governments must take a leading role in the preparation of the quantum internet’s advent. First, outdated encryption must be updated. Timing is of the essence or governments run the risk of sensitive and critical information being stolen. Security for critical information that must remain confidential even in the long term will be the first to be adapted — and fast. There is no more time to lose. Second, governments will have to regulate those who can make use of the quantum internet’s unprecedented possibilities to avoid quantum computers falling into the wrong hands.
Mitigating the quantum risk is complicated because unbreakable encryption and blind quantum computing make it impossible to have insight into the intentions of quantum internet users. A well thought out protocol will have to be developed, through which access to the quantum internet for the right parties can be guaranteed and malicious parties can be denied. It is important that governments and their public security agencies are at the forefront of this. Choices about standards, protocols, and regulation will be decisive in ensuring the wise use of the quantum internet. The choices we make now will determine our future digital security.
Digital security at the time of quantum technology
Let’s discuss post-quantum cryptography (PQC). This is cryptography that is believed to be impossible to break, even for quantum (super)computers. However, as technology evolves, we can never know for sure whether unbreakable remains unbreakable. For example, encryption that was deemed safe in the past has since been cracked. In the 1990s, it was assumed that essential keys in internet traffic, such as the symmetric keys RC2, RC4, DES or 3DES, and hashing functions such as MD2, MD5 or SHA1 were safe. But in time, through new mathematical insight and faster computers, it turned out that these standards could be successfully broken by smarter algorithms on ordinary computers. Now it appears that asymmetric keys such as ECC and RSA, and, to a lesser extent, symmetric keys such as AES, can be broken using quantum computers. So, while we expect PQC to be unbreakable by either classical or quantum computers, we do not know this for sure. New mathematical insights could lead to PQC having to be replaced as well.
For the most sensitive data, it is therefore important to go one step further. Fortunately, the quantum internet offers a solution here. By using the entanglement of particles (a characteristic of quantum physics that makes particles share a special bond), encryption can be designed that is provably unbreakable. This means that even if new mathematical insights were to occur, the encryption would still not be broken. The development of the technology behind this, which is referred to as ‘quantum key distribution’ (QKD), is in full swing. However, many breakthroughs are still needed before a European network with encryption based on QKD is available. And even then, the implementation of QKD will be extremely expensive and complex, and therefore not suitable for every use-case. However, if data needs to remain protected for a long time, it can offer a solution.
Even if this form of unbreakable encryption becomes available, a variety of different encryption techniques will still need to be in place. This is due to the fact that QKD is only intended for key exchange. With regard to other cryptographic primitives (such as digital signatures or message encryption), other forms of encryption are still relied on (either PQC or older traditional or contemporary forms of encryption).
Different applications will require different forms of PQC and there will be no ‘one size fits all’ solution. The use of PQC will have to be evaluated case by case, considering different properties such as key lengths and encryption/decryption performance, the algorithm, and its implementation.
All in all, digital security will change in the age of quantum technology. Our security will increasingly depend on complex systems, and migration to more secure systems will become ever more complicated due to the cumulation of data. At the moment, awareness of the need is still too low, although large companies are beginning to recognize its importance. It will also be a major challenge to renew standards across the broad scope in which encryption is used. In addition, smaller governments or companies with smaller budgets will struggle to cope with the large number of complex systems, which will delay the migration. This poses a risk of there being holes in the protection of our digital security. The solution lies in better cooperation within governments; both amongst governments and with private sector companies, knowledge institutions and civil society.
Responsible use of the quantum internet
The question here remains: how can malicious parties be prevented from abusing quantum technology? We must prevent criminals, terrorists, or hostile governments from using quantum computers to break traditional encryption and gain access to essential infrastructure, such as power plants or military systems. The consequences of this would be incalculable. Besides breaking encryption, more algorithms that run on quantum computers could potentially harm society. An example would be quantum algorithms that are particularly effective in calculating the chemical properties of molecules. These algorithms allow new materials and drugs to be invented. But here, too, there is a downside. What if a government acting on its own authority uses quantum computers to develop chemical weapons or a new virus?
Therein lies an additional danger. Due to the changing encryption on the quantum internet, it is becoming increasingly complicated to check that users have the right intentions. By using PQC or QKD, messages sent over the quantum internet can no longer be traced, even by intelligence services. In addition, the quantum internet could offer possibilities to perform calculations and use the internet completely anonymously. This so-called ‘blind quantum computing’ ensures that even the owner of the quantum computer is unable to find out what calculations users perform on the computers. While this can offer great applications in terms of privacy, there is a risk of losing all insight into users’ intentions.
In Europe, innovation in the field of quantum technology is predominantly financed through public funds. Its benefits will therefore have to reach entire populations. It is quite conceivable that once the quantum internet is functional, there will be winners and losers. Globally, we as humanity would therefore do well to open up this quantum internet and grant each other the right to communicate securely when it comes to critical information. The right to keep sensitive information secure should not only be reserved for the smartest countries and parties.
In addition, we will still need to regulate what the quantum internet is used for, because even without the ability to send uncrackable data, both the sender and the receiver should not be allowed to spread harm.
This means that, with the approaching possibilities of the quantum internet, a widely supported framework is needed that steers towards responsible use. Public security entities will have to ask themselves questions such as: how do we ensure fair access, controls, and guarantees? And how do we defend ourselves against malicious organizations and individuals?
By now, governments around the world have started to see the importance, and dangers, of the quantum internet. In the United States, for example, the National Quantum Initiative has a grant of more than $1bn at its disposal. However, there is always a bigger fish: the US program is small fry compared to that of China. In 2020, the Chinese government announced a $10bn subsidy program. This ambitious science program undeniably makes China one of the world leaders in quantum technology. In recent years, the European Union has also invested a lot of money in various quantum technologies; the European Quantum Flagship program has a budget of over €1bn until 2028. Quantum technology also plays a role in other grant programs, such as Horizon Europe (with a proposed budget of around €100bn), and individual EU Member States have ambitious programs in place.
Alongside government projects, companies are investing in research. Although the associated profit is virtually zero at this time, these companies are proactively preparing for the paradigm shift that quantum technology can, and almost certainly will, bring. European companies are not standing still in this respect. Due to the necessity of a space travel element in quantum communication and security, multinationals such as Airbus and Thales are at the forefront of quantum innovation. Yet, the market is dominated by American ‘big tech’ firms. Financing comes from both the deep pockets of these firms themselves and the venture capital that abundantly flows in the United States.
To safeguard European values, take advantage of economic opportunities, and protect our technological sovereignty, we must catch up soon. Europe has previously been slow to respond in the race for artificial intelligence: can we keep up and even get ahead in the field of quantum technology?
Making choices on the front line
The quantum internet age is nearing. Now is the time to make deliberate choices with regard to its openness and sovereignty, and the topic must be addressed in drawing up today’s security policies.
European governments must set an example in a world of changed digital security. Billions of euros in subsidy processes will be needed in the roll-out of QKD networks, and companies will have to be made aware of the dangers and benefits of the quantum internet. Simultaneously, state-sensitive data must be properly protected.
Finally, public security bodies will have to make choices in order to ensure fair and responsible access to the quantum internet. To protect the interests of citizens, access cannot be reserved purely for the richest or smartest, and malicious organizations must be prevented from using the quantum internet to disrupt social systems.
Do we opt for a structure dominated by American and Chinese big tech, or do we strive for a structure like the existing internet? Will we learn from the historical development of the internet, and proactively create universal laws and regulations, protocols, and standards?
To be at the forefront of innovation, instead of passively following, is of great importance to the security and sovereignty of Europe and its nation states. Let the adage “If you want to go fast, go alone; but if you want to go far, go together” apply to our European future in the world of quantum innovation.
|Quantum internet||The vision of a quantum internet is to connect quantum processors by means of quantum communication. In synergy with the classical internet, the quantum internet will enable new internet technology that used to be impossible. Examples include unbreakable cryptography, clusters of parallel quantum computers, and quantum sensor networks.|
|Quantum key distribution||Quantum key distribution (QKD) is a technique that uses the entanglement of quantum particles, allowing for uncrackable keys to be shared.|
|Post-quantum crypto||Post-quantum cryptography (PQC) is classical encryption, believed to be safe from future quantum attacks.|
|Quantum computing||Quantum computers are machines that make smart use of quantum mechanical phenomena, which can cause some arithmetic tasks to be accelerated to an extreme degree.|
|Blind quantum computing||‘Blind’ means that the supplier of the quantum computer does not have (complete) information about the tasks that are performed. This means that the user has complete privacy.|
Find out more
This article has been adapted from a chapter in the Trends in Safety 2021-2022 report giving European leaders insight into the safety and security trends affecting citizens in the Netherlands.
For information on Capgemini’s Public Security and Safety solutions, visit our website here.
|Julian van Velzen
Expert quantum technology
Julian van Velzen is CTIO & Head of Capgemini’s Quantum Lab: a global network of quantum experts, partners, and facilities, focused on three key areas: sensing, communication and computing. From this Lab, Capgemini is exploring with its clients how to apply research and build demos to help solve business and societal problems that, up until now, have been seemingly intractable.
Email : firstname.lastname@example.org
Senior Consultant Public Sector
Luc works at Capgemini Invent on projects in which he searches for the common denominator in achieving profit for every party in every collaboration. Luc applies Capgemini’s method of Empowering Ecosystems in public themes, such as smart cities and cybersecurity in both national and European playing fields.
Email : email@example.com