We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.


Quantum Computing Paranoia Creates a New Industry

Even though quantum computers don’t exist yet, security companies are preparing to protect against them.

Fear sells in the computer security business. And in late 2015 Massachusetts-based Security Innovation got an unexpected boost from one of the scariest organizations around—the National Security Agency.

For six years the company had been trying to create a new revenue stream by licensing an unusual encryption technology called NTRU, which it acquired from four Brown University mathematicians. It was invented as a solution to the powerful code-breaking power of computers that exploit quantum physics, but interest was slack because quantum computers didn’t yet exist or look likely to exist anytime soon.

Then the NSA warned that due to progress in quantum computing, the encryption that protects online transactions such as banking must be replaced with something quantum-computer-proof as soon as possible. “At that point we no longer had to convince people this was a real threat,” says Gene Carter, director of product management at Security Innovation. “We had people calling us and saying ‘Help!’”

Security Innovation is now part of a small but expanding industry offering to help companies plan for quantum crypto-Armageddon.

Quantum computers that are capable of breaking some of the encryption society relies on today still look to be many years away. And the consensus among cryptographers is that the “quantum safe” encryption systems proposed so far—NTRU included—still need more study. But the potential mayhem quantum computers could cause, and sobering statements from government agencies such as the NSA, appears to have provided enough urgency to create a market.

The National Institute of Standards and Technology has said government agencies should be ready to switch to what it calls “post-quantum” encryption by 2025. Security Innovation and its handful of competitors say they already have clients studying how to upgrade their systems to be quantum-safe encrypted, or even experimenting with some of the proposed quantum-proof encryption schemes.

One company in the quantum-preparedness business is Atos, a multibillion-dollar IT services company headquartered in France. Frederik Kerling, who leads the company’s efforts in this area, argues that it makes sense for companies that deal with sensitive data to get a head start on the giant task of upgrading their infrastructure later on.

“Encryption is hidden everywhere inside organizations, inside hardware and software, and you need to know where it is if you are going to be able to upgrade it,” he says. Although helping companies plan for a secure transition into the quantum computing era is a niche business, Kerling expects it to grow significantly over the next few years. “Awareness has been picking up,” he says.

Google and Microsoft have lately increased their investments in quantum computing research. Kerling says that an IBM project that put an experimental quantum chip online last year has helped convince many executives he’s spoken to that they need to consider the security implications of the technology.

Many of the world’s largest technology companies are involved in the effort to develop new forms of encryption that could resist future quantum computers. Cisco and Amazon have been involved with efforts from European and international standards groups to study the situation, for example. Microsoft has tested a quantum-resistant variant of the encryption used to secure webpages. Google is even testing a post-quantum algorithm dubbed “New Hope” in its Chrome Web browser.

Cryptographer Bruce Schneier, chief technology officer of Resilient Systems, a security company owned by IBM, says that kind of research and efforts from government agencies such as NIST is vital. But he is less supportive of the idea companies should begin planning in detail now for the quantum computing era. “I think it's too early,” he says. “Companies don't need to think about this yet.”

Michele Mosca, cofounder of the Institute for Quantum Computing at the University of Waterloo, Canada, and cofounder of post-quantum security company EvolutionQ, argues that it isn’t too early for companies handling data that remains valuable for many years, such as medical or financial records.

Such companies need to consider the risk that an adversary could capture encrypted data and store it until the day a quantum computer can decrypt it, says Mosca. Unless some companies start engaging now with the complicated process of upgrading society’s encryption, the industry won’t be ready to deploy quantum-secure encryption quickly when standards bodies and governments do sign off on it, he says.

Mosca estimates a one in seven chance that by 2026 someone, likely a nation state, will have a quantum computer able to crack encryption used for critical data today. “The industry’s usual recipe of waiting for catastrophe and then fixing it is very risky,” he says.

Couldn't get to Cambridge? We brought EmTech MIT to you!

Watch session videos here
More from Connectivity

What it means to be constantly connected with each other and vast sources of information.

Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.