
Digital security and quantum computing: An essentially paradoxical relationship

Capgemini
14 Dec 2022

All of our online actions today are governed by a set of cryptographic rules, allowing secure exchanges between different parties; but a new threat is looming.

While we are impatiently waiting for the emergence of quantum technologies, which will bring major technological progress, the internet is preparing for the day when quantum computers will be able to decrypt our secure communications, called “Q-Day” by some.

But, while quantum hardware is not yet mature enough to decrypt the algorithms currently used, our data is already at risk from hackers, who accumulate encrypted data in order to decrypt it in the future. So, how do we prepare for this eventuality and how has this threat, as of today, changed the way we think about this relationship between cybersecurity and quantum computing?

Quantum computing is a scientific and technological evolution. Conversely, digital security is a concept: in essence, it can be interpreted differently depending on its uses, which are sometimes competing (Read more on this subject from B. Buzan and D. Batistella). Exploring the relationship between quantum computing and digital security can therefore generate paradoxical discourse.

The paradox of quantum progress: threat or opportunity for security?  

Investment in quantum technologies is currently booming, and patent publications have grown exponentially over the last 10 years. The emergence of numerous venture capital companies in the ecosystem also demonstrates the market’s interest in these technologies. The exceptional computing power of quantum computers will lead to numerous use cases, but it will also offer cybercriminals tools to deconstruct the security systems already deployed.

For example, with a quantum implementation of Shor’s algorithm, it will be possible to break the current cryptographic protections, which are based mainly on the current difficulty of factoring large numbers into their prime factors in a reasonable amount of time. Therefore, the arrival of the quantum computer, and its use by networks of cybercriminals, will mean a significant risk for companies. Data requiring long-term storage (biometrics, strategic building plans, strategic IP, etc.) could then be easily accessible by malicious entities using quantum computing power.

These threats call into question the creation of a digital space known as “trusted.” The risk is therefore too great to stand still in the face of this quantum revolution, and the launch of initiatives is necessary, as soon as possible, to identify the risks associated with the various activities of the company, and to reassure on a large scale.

At the same time, new technologies promising quantum security are emerging. First, new mathematically based cryptography is being developed that remains “unbreakable” even by quantum computers. According to the viewpoint published by ANSSI on January 4, 2022, the National Institute of Standards and Technology (NIST) has been analyzing “post-quantum cryptography” (PQC) algorithms since 2016, to increase the defense strengths of the virtual world tenfold. This standardization recommendation is expected to be published by 2024.

Second, physics-based cryptography, called quantum key distribution (QKD), is emerging as an alternative for ultra-secure communications. While post-quantum cryptography is based on the premise that no efficient (quantum) algorithm has been found to “break” it, QKD technology relies on physical principles to detect the interception of secure keys. In case of interception, these keys can be regenerated until the parties are certain that the communication is secure.
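
The detect-and-regenerate loop described above can be seen in a classical simulation of BB84, a well-known QKD protocol. This is an added example, not part of the original article; the choice of BB84, the intercept-resend interceptor model, the 11% abort threshold and all function names are assumptions made for illustration.

```python
import random

def bb84_exchange(n_qubits, tapped, rng):
    """Classically simulate one BB84 run; return Alice's and Bob's sifted bits."""
    sift_a, sift_b = [], []
    for _ in range(n_qubits):
        bit, a_basis, b_basis = rng.randint(0, 1), rng.randint(0, 1), rng.randint(0, 1)
        sent_bit, sent_basis = bit, a_basis
        if tapped:
            # Intercept-resend: the interceptor must guess a basis; a wrong
            # guess randomises the result and re-prepares the qubit in that basis.
            e_basis = rng.randint(0, 1)
            sent_bit = sent_bit if e_basis == sent_basis else rng.randint(0, 1)
            sent_basis = e_basis
        # Bob's measurement is only reliable when his basis matches the qubit's.
        b_bit = sent_bit if b_basis == sent_basis else rng.randint(0, 1)
        if a_basis == b_basis:  # sifting: bases are compared publicly
            sift_a.append(bit)
            sift_b.append(b_bit)
    return sift_a, sift_b

def estimate_qber(sift_a, sift_b, rng):
    """Sacrifice half the sifted bits to measure the error rate; return (rate, key)."""
    sample = set(rng.sample(range(len(sift_a)), len(sift_a) // 2))
    errors = sum(sift_a[i] != sift_b[i] for i in sample)
    key = [sift_a[i] for i in range(len(sift_a)) if i not in sample]
    return errors / len(sample), key

def establish_key(n_qubits, tapped_attempts, threshold=0.11, max_attempts=10, seed=1):
    """Discard and regenerate until the measured error rate is acceptable.
    tapped_attempts: constructed scenario, the attempt numbers that are intercepted.
    threshold: illustrative abort limit (assumption, not from the article)."""
    rng = random.Random(seed)
    for attempt in range(max_attempts):
        a, b = bb84_exchange(n_qubits, attempt in tapped_attempts, rng)
        qber, key = estimate_qber(a, b, rng)
        if qber <= threshold:
            return attempt, qber, key
    raise RuntimeError("channel never reached an acceptable error rate")

if __name__ == "__main__":
    attempt, qber, key = establish_key(2000, tapped_attempts={0, 1})
    print(f"key accepted on attempt {attempt}, QBER={qber:.2%}, {len(key)} bits kept")
```

In this model an intercepted run shows roughly a 25% error rate on the compared sample, while a clean run shows none, which is what lets the two parties reject a key before it is ever used.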

This standardization of post-quantum algorithms is focused on a competition organized by NIST in order to analyze different algorithms and keep the most efficient. In this competition, 69 candidate algorithms were submitted in 2017, of which only 7 reached the 3rd round of qualification in July 2020. The algorithms selected in this round are based on NP-Hard problems (whose solution is performed in exponential times, at best) and which will remain complicated to solve even for quantum computers. They are concentrated around “lattice” problems (based on the calculation of the smallest vector in a set of points) as well as “code-based” algorithms (based on the decoding of a linear code). The results of this first round were published on July 5, 2022.

Finally, by drastically accelerating the learning speed of artificial intelligence and machine learning algorithms, quantum computing will also strengthen all the security systems that rely more and more on these technologies. Security operations centers (SOCs), which deploy tools to detect weak signals of attacks, and which aim to quickly identify deviant behavior in networks and uses, will be all the more effective. In all sectors, from fraud detection in banking to industrial incidents, quantum computing will increase the effectiveness of SOCs. As a result, the need for security teams to ramp up on these already visible technologies will only increase in the coming years.

The paradox of quantum research: wait too long or act too fast?

In all public and private organizations, the development of security teams’ expertise in quantum issues is still in its infancy. In the best of cases, the first reflections are oriented around the business benefits of quantum technologies, leaving cybersecurity issues and the concrete analysis of risks and opportunities in the background. This observation is reinforced by a lack of awareness of the subject within companies, which means limited internal training initiatives for employees, and so leaves the subject to external expert partners.

How can we professionalize the approach to a technology that has not yet been democratized? At what point does research become real enough to trigger industrialized programs? Even as we enter the development phase of a new generation of more powerful quantum computers, the need for companies to experiment becomes essential, in order to avoid being threatened by cybercrime networks that are constantly one step ahead of the lines of defense, and more agile in absorbing new technologies and hijacking them.

The presence of Cloud leaders (Google, Amazon, Microsoft, IBM, etc.) in this market allows a democratization of, and a relatively easy access to, these technologies. The availability of quantum resources, via platforms already implemented by their customers, creates a very fertile ground for various experiments. But how can sensitive information from these projects be secured when using external and shared devices, which is the very basis of the cloud model? So-called “blind quantum computing” ensures that even the owner of the quantum computer is unable to know what computations users are performing on it. However, while this can have great applications in terms of privacy protection, there is, in return, a risk of losing any insight into the user’s or users’ intentions.

Waiting too long or acting too fast? The answer is not simple and will come from a collective movement, driven by the construction of large training programs in quantum engineering (certification courses, allocation of research budgets, etc.), or the pairing between organizations and start-ups.

The geopolitical paradox: a universal issue or a question of sovereignty?

All scientific revolutions end up becoming universal, one way or another. They impact societal structures, means of production, and, de facto, citizens; the quantum revolution is no exception to the rule.

However, it is clear that it is the subject of a geopolitical confrontation. Like digital technology, quantum computing is a field of economic and political competition between states. Some states invest more than others, implying two phenomena: a competitive advantage in the context of the market economy around quantum computing that will be created in the coming years, and a use for national intelligence purposes.

China is well on its way to becoming the leader in quantum technologies, especially in the field of communications, with an estimated investment volume of 10 billion euros. It has the largest QKD quantum communication network, with satellites and a fiber optic network capable of communicating over 4600 km. This is a strategic project that aims to protect its commercial and military communications from intrusions.

France, for its part, aims to become a leader on a European scale, with a plan to invest 1.8 billion euros over five years, announced in January 2021. With a very dynamic ecosystem of start-ups, France is investing in ways to facilitate meetings between academic experts and industry. Examples include Pasqal, which is developing its offer (a quantum computer capable of computing at room temperature, providing the best ratio of computing capacity to energy consumed in the world), merging with Qu&Co to create a European leader, and Alice and Bob, which is raising €27 million – and academics around the Saclay plateau.

This dynamism has led to some initial achievements, such as the French Navy’s development of the Girafe system (interferometric gravimeters for research with embarkable cold atoms), an autonomous navigation system based on quantum detection technologies that can calculate its exact position without using the American GPS network, scheduled for 2026/2027.

On the cyber side, the inauguration of the Cyber Campus on February 15, 2022, is another example: it demonstrates a French willingness to organize cross-sectoral, public/private cooperation around major cybersecurity challenges and future innovations. It is typically the place where the challenges of the arrival of quantum computing can be discussed.

Quantum computing then becomes a question of digital sovereignty – the idea that in a polarized world order, it will be important for states to assert a quantum power and a capacity for self-determination over their digital space.

Quantum computing will bring intrinsic contradictions: on the one hand, universal scientific progress and the strengthening of our anti-cybercrime capacities, and on the other, the reinforcement of a geopolitical and economic conflict and a threat to digital trust.

First published in Les Echos, 15 September 2022 : Avec le quantique la sécurité numérique entre dans l’ère du paradoxe

Author: Clément Brauner, Quantum Computing Lead, Capgemini Invent.
Co-authors: Jeanne Heuré, Head of Digital Trust & Cyber, and Nicolas Gaudilliere, CTO – both of Capgemini Invent