71% of IT decision-makers predict quantum computers will cause havoc by 2025October 28, 2019 No Comments
By Timothy Hollebeek, Industry and Standards Technical Strategist at DigiCert
By 2025, quantum computing will advance to the point where it can crack existing cryptographic algorithms. That’s the prediction of 71 percent of IT directors, managers and specialists surveyed by DigiCert. Those IT decision-makers shared insights on quantum computers’ threat to cryptography, which is the science of complex algorithms to prevent code-cracking, as well as on post quantum cryptography (PQC) as a way to mitigate the threat.
Quantum computing, which uses quantum bits (or qubits) vs. the bits used by traditional computers, harnesses quantum mechanics to tackle calculations much more rapidly. That’s because complex calculations can be completed simultaneously rather than sequentially. Applications include machine learning, particle physics and the medical sciences. Major tech companies are researching quantum computing.
- At CES 2019 in January, IBM introduced the IBM Q System One, which it described as “a major step forward in the commercialization of quantum computing.” It was on display at the conference, sitting inside a 9-foot-wide case, but usually sits in the IBM Quantum Computation Center in New York.
- In September, a draft paper by Google researchers leaked on a NASA website seemed to indicate the company was close to reaching a computing achievement called quantum supremacy. In the paper, which was later taken down, the researchers “claimed that their processor was able to perform a calculation in three minutes and 20 seconds that would take today’s most advanced classical computer, known as Summit, approximately 10,000 years,” according to a Financial Times article.
Given these significant developments in quantum computing, DigiCert, the world leader in cryptography for the web, decided to investigate the IT industry’s take on quantum computing and the potential negative ramifications on encryption. DigiCert’s “2019 Post Quantum Crypto Survey” collected insights from 400 IT directors, IT security managers and IT generalists in the United States, Germany and Japan.
Threat of Quantum Computing is Fast-approaching
Essentially, those negative ramifications amount to quantum computers making it much easier for cyber-criminals to crack today’s most advanced encryption. Instead of having to rely on repeated password attempts or backward match operations, they gain the speed of quantum computers to get past encryption. The majority of IT decision-makers surveyed recognized that quantum computing will spell trouble, with the only question being when that would occur.
When assessing quantum computing’s threat today, 55 percent consider it either an “extremely large” or “somewhat large” threat. In the future, 71 percent say quantum computing will be an “extremely large” or “somewhat large” threat to existing cryptographic algorithms intended to keep data safe.
PQC as a Way to Mitigate Threat of Quantum Computing
PQC strengthens the encryption algorithms so they can withstand the challenge of quantum computing. Seventy-one percent said they’re “somewhat” to “completely” aware of what PQC is, however, confusion remains because 63 percent chose the correct definition of PQC.
While some confusion remains about the PQC’s definition, companies recognize its importance in combatting potential issues caused by quantum computing. A third of survey respondents said their companies have a PQC budget and another 56 percent are working on one. The budget will be “somewhat” to “extremely” large, according to 59 percent of respondents.
One day, PQC will be a necessity. As mentioned earlier, 71 percent of survey respondents predicted that day will be some time before 2025. Five percent believe it will happen as early as this year. But of those who predicted that day would be before 2025, most – 18 percent – believe it will happen in 2022.
Companies Embracing Multiple Strategies
When asked about the importance of learning quantum-safe security measures, eight out of 10 survey respondents told us it is “somewhat” to “extremely” important. In response to the coming risks caused by quantum computers, companies are taking several different approaches. Of these risks, an IT manager at a medical services company told us: “In the future, it’s going to happen and that’s when we have to be ready for them.”
The approaches mentioned by the IT decision-makers who took the survey are:
- Monitoring (topping the list)
- Understanding their organization’s level of crypto-agility
- Understanding their organization’s current level of risk and acceptable risk
- Building knowledge about PQC and its impact
- Developing TLS digital certificate best practices internal to their organization
Nearly all respondents – 95 percent – reported discussing at least one of these five tactics. Incorporating TLS/PKI best practices as a means of preparing for the attack of a quantum computer is “somewhat” or “extremely” important, according to 86 percent of survey respondents.
Companies Should Prepare Now for Quantum Computing
Quantum computing will have a significant impact on the future of many companies. DigiCert recommends that companies plan their strategies now to protect their security before quantum computing’s threat occurs.
- Know your risk and establish a quantum crypto maturity model.
- Understand the importance of crypto-agility in your organization and establish it as a core practice
- Work with leading vendors to establish digital certificate best practices and ensure they are tracking PQC industry progress
Read more insights from IT decision-makers in our “2019 Post Quantum Crypto Survey.”
Timothy Hollebeek has 19 years of computer security experience, including eight years working on innovative security research funded by the Defense Advanced Research Projects Agency. He remains heavily involved as DigiCert’s primary representative in multiple industry standards bodies, including the CA/Browser Forum, striving for improved information security practices that work with real-world implementations.
A mathematician by trade, Tim spends a lot of time considering security approaches to quantum computing.