US and Chinese security chiefs are in a desperate race to protect their secrets from quantum computers which, it’s predicted, could render current encryption methods useless in just two years time.
In February, a Canadian cybersecurity firm delivered an ominous forecast to the US Department of Defense. Everyone’s secrets are now at risk of exposure, warned the team from Quantum Defen5e (QD5).
QD5’s executive vice president, Tilo Kunz, told officials from the Defense Information Systems Agency that possibly as soon as 2025, the world would arrive at what has been dubbed “Q-day,” the day when quantum computers make current encryption methods useless.
Machines vastly more powerful than today’s fastest supercomputers would be capable of cracking the codes that protect virtually all modern communication, he told the agency, which is tasked with safeguarding the US military’s communications.
In the meantime, Kunz told the panel, a global effort to plunder data is underway so that intercepted messages can be decoded after Q-day in what he described as “harvest now, decrypt later” attacks, according to a recording of the session the agency later made public.
Militaries would see their long-term plans and intelligence gathering exposed to enemies. Businesses could have their intellectual property swiped. People’s health records would be laid bare.
“We are not the only ones who are harvesting, we are not the only ones hoping to decrypt that in the future,” Kunz said, without naming names. “Everything that gets sent over public networks is at risk.”
Kunz is among a growing chorus sounding the alarm. Many cyber experts believe all the major powers are collecting data ahead of Q-day. The United States and China, the world’s leading military powers, are accusing each other of data harvesting on a grand scale.
The director of the Federal Bureau of Investigation, Christopher Wray, said in September that China had “a bigger hacking program than every other major nation combined”.
In a September report, China’s chief civilian intelligence agency, the Ministry of State Security, accused the US National Security Agency of “systematic” attacks to steal Chinese data.
More is at stake, though, than cracking codes. Quantum computers, which harness the mysterious properties of subatomic particles, promise to deliver breakthroughs in science, armaments and industry, researchers say.
However, opinion is divided on the expected arrival of Q-day. It’s still relatively early days for quantum computing – so far, only small quantum computers with limited processing power and a vulnerability to error have been built. Some researchers estimate that Q-day might come closer to the middle of the century.
No one knows who might get there first. The United States and China are considered the leaders in the field but many experts believe America still holds an edge.
As the race to master quantum computing continues, a scramble is on to protect critical data. Washington and its allies are working on new encryption standards known as post-quantum cryptography – essentially codes that are much harder to crack, even for a quantum computer.
Quantum technology “is likely to be as transformational in the 21st century as harnessing electricity as a resource was in the 19th century,” said Michael Biercuk, founder and chief executive officer of Q-CTRL, a quantum tech company that was established in Australia and has major operations in the United States.
Beijing is trying to pioneer quantum communications networks, a technology theoretically impossible to hack, according to researchers.
Quantum communications is an area where China is spending big. The technology has the potential to safeguard Beijing’s data networks, even if Washington and other rivals are first to reach Q-day.
President Xi Jinping stressed the “strategic value” of quantum technology in a 2020 speech to top Chinese leaders, the official Xinhua news agency reported. Under Xi, China has set clear targets to dominate quantum science.
It is spending more than any other country on quantum research by some estimates. In an April report, McKinsey & Company estimated that Beijing had announced a cumulative $15.3 billion in funding for quantum research, more than quadruple the equivalent US figure of $3.7 billion.
China’s Bid For Quantum Lead
A key driver of China’s quantum tech quest is Pan Jianwei, a physicist who has achieved celebrity status in China along with praise and support from the ruling Communist Party.
Pan, 53, is a professor at the University of Science and Technology of China, the country’s premier quantum research outfit. In 2011, he was elected to the Chinese Academy of Sciences, an honour given to scientists who have made important advances in their fields.
Pan in media interviews has said he wants to make China a leader in quantum technology while building an internet secure from cyberattacks. This would serve vital strategic purposes, security experts say.
It would protect the Chinese leadership and military from hacking, especially in a conflict. A quantum-fortified internet could protect vital infrastructure and the vast surveillance network the Communist Party has built to stamp out any challenge to its monopoly on power, they say.
Despite China’s apparent lead in official funding, some researchers say America remains the overall quantum leader thanks to its private sector technology innovators, government labs, university researchers and collaborating allies.
And Washington is moving to restrict US investment in China’s quantum capabilities.
In August, President Joe Biden signed an executive order directing the US Department of the Treasury to regulate US investments in quantum computing, semiconductors and artificial intelligence.
An annex to that order named China as a country of concern, along with its special administrative regions of Hong Kong and Macau. That could lead to bans on investment in Chinese production of quantum technologies and equipment.
New US Encryption Standards
Globally, government security agencies and the private sector are working on strategies to beat quantum computers. In August, the US National Security Agency and other agencies urged the public and companies to adopt new measures to safeguard their communications with post-quantum cryptography.
After extensive evaluation, the US National Institute of Standards and Technology (NIST) last year selected four so-called post-quantum cryptography (PQC) algorithms – new encryption standards that some cyber experts believe will provide long-term security.
US government agencies next year are expected to issue a new standard for post-quantum cryptography, Biden disclosed in a May memo. NIST said in August that it’s working on standardising these algorithms, the final step before making these tools widely available for organisations to upgrade their encryption.
Not everyone agrees the new algorithms will offer reliable security. Kunz told Reuters that eventually the new cyphers could be compromised as quantum computers improve. “The problem is that PQC is not unbreakable,” he said. “It does not solve the harvest now, decrypt later problem.”
In the meantime, one challenge for the keepers of digital secrets is that whenever Q-day comes, quantum codebreakers are unlikely to announce their breakthrough. Instead, they’re likely to keep quiet, so they can exploit the advantage as long as possible.
“We won’t necessarily know” when the codes are broken, Kunz told the Pentagon panel. “We will probably find out the hard way,” he said. “But what we can expect is that they will be broken.”
- Reuters with additional editing by Sean O’Meara