There is much excitement about the global race to develop a quantum computer. But only recently has the warning been sounded that a more important race must be run first – one to prevent this new technology from crippling current cybersecurity methods, which could expose vaults of data to snoops and hackers.
How do quantum computers operate differently from classical computers, and why is it making some people excited and others anxious?
Quantum computing makes use of quantum physics to perform calculations at incredibly fast speeds. Classical computers (what we have now) have only two options for processing information: data is broken down into 'bits', which are a 0 or a 1. In quantum physics, particles act like waves, so they can be particle or wave, or particle and wave. This is what’s known as superposition – where a ‘qubit’ (quantum bit) can be a 0 or 1 or 0 and 1. This means quantum properties can perform two equations at the same time and that two qubits can perform four equations and so on.
They will be exponentially more powerful than classical computers – solving problems in a day rather than thousands of years with benefits including medical advances and materials discovery, accelerated machine learning, and the ability to search and connect data faster to impact across many industries.
However, quantum computing brings with it insecurity to cybersecurity, and it’s not a good time for Australia to be suffering from a deficit in specialist IT skills and an undersupply of new ICT graduates.
At present, university graduates account for only one per cent of the ICT workforce (ACS 2016 Digital Pulse Report, prepared by Access Economics). In December 2015, online employment marketplace Seek said that cybersecurity roles advertised in Australia had grown by more than 60 per cent in 12 months but positions were proving difficult and expensive to fill.
The wake-up call to the world about quantum computing came last year when US-based intelligence organisation the National Security Agency (NSA) announced that progress in quantum computing had advanced to the point where now was the time to prepare to transition to quantum-safe cryptography.
However, some researchers had already been making progress to develop post-quantum cryptography well before the NSA alert.
Professor Willy Susilo, of the University of Wollongong, is one of the few experts in the world who specialise in post-quantum cryptography. He has been working in this area since starting his PhD at UOW in 1998 and has been the Lab Director of the Centre for Computer and Information Security Research Lab at UOW since 2006.
In 2009, Professor Susilo was awarded $243,000 by the Department of the Prime Minister and Cabinet to support research titled 'Post-quantum Cryptography: Protecting Counter-Terrorism Against Future Capabilities of Quantum Computers'.
Recently, Professor Susilo was awarded a prestigious grant from the US-based National Institute of Standards and Technology (NIST) to investigate the construction of post-quantum cryptography. He is also currently working on algorithms to submit to NIST’s Post-Quantum Crypto Project by late 2017, and predicts that quantum computing is between 10 and 15 years away.
“Now its become a big issue in the world and everyone is talking about it,” Professor Susilo says of quantum computing’s potential effect on cybersecurity.
“Algorithms for quantum-proof encryption exist but they have not been studied thoroughly and hence their security remains questionable.”
Cybersecurity makes our online systems more resilient to attacks and protects infrastructure from cyber threats. A fundamental pillar of cybersecurity is cryptography, which is based on mathematical theory such as integer factorisation and discrete logarithm problems. Cryptography takes data that is readable and makes it unreadable to humans. It is what keeps everyone’s bank records, private communication and passwords safe.
It is estimated that by 2020 there will be at least 50 billion devices connected to the internet globally and 90 per cent of Australians will be online by 2017. This increases the risk of theft, fraud and abuse – not just for individuals, but businesses, financial markets, governments and entire countries.
Algorithms for quantum-proof encryption exist but they have not been studied thoroughly and hence their security remains questionable.
Australia is already an economic crime hot spot, with PwC’s 2016 Global Economic Crime Survey finding that 65 per cent of Australian organisations had experienced cybercrime in the past 24 months. Almost one million Australians were estimated to be victims of identity theft online in 2014 (Cyber Security Strategy).
The biggest breach came in August this year when the Australian Bureau of Statistics’ Census website was reportedly shut down after being attacked by foreign hackers.
So how hard will it be to maintain cybersecurity when quantum computers arrive?
NIST's report on Post-Quantum Cryptography published in April this year paints a gloomy picture of what could happen. “If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use. This would seriously compromise the confidentiality and integrity of digital communications on the internet and elsewhere,” the report states.
To shore up Australia’s cybersecurity defences, in April this year Prime Minister Malcolm Turnbull launched Australia’s $230 million Cyber Security Strategy. A major focus of the strategy is to boost collaboration between the public and private sectors.
While some see quantum computing as a development that will increase cryptography capabilities to make data even more secure, others have described the development of quantum computing as “WikiLeaks on steroids” or a “cryptopocalypse".
Professor Susilo says that Australia has the potential to become a leader in cybersecurity research, but currently suffers from a lack of cybersecurity professionals.
“We don’t produce enough of our own graduates … and we have the capability to do that,” Professor Susilo says.
One such UOW graduate is Chris (full name withheld for security reasons), who graduated from UOW with a Bachelor of Computer Science (Digital Systems Security), and now works as a cybersecurity account executive in Sydney.
“If necessity is the mother of invention, cybersecurity is the massive mother of innovation,” Chris explains.
Chris adds that he sees the need for more talent in cybersecurity and suggested that companies create graduate pools to help people keep building on existing skills.
As for quantum computing, he says it can be an advantage as much as a security threat.
“I think of quantum computing as the same as cold fusion – it always seemed 20 years off in its feasibility. As far as I can see, there’s a whole lot of stuff in quantum computing that invalidates cybersecurity as well as strengthens it.
“Criminals evolve and adapt, so cybersecurity needs to evolve and adapt.”
Dr Thomas Plantard is a senior research fellow at UOW’s Centre for Computer and Information Security Research and says that we have to be ready for quantum computing before it arrives – but that we shouldn’t see it as a “cryptopocalypse”.
“You can’t say we can’t build cars because bad people will use them,” Dr Plantard says. “Clearly it will be a long evolution, but people need to be aware.”
The French-born Dr Plantard has been researching post-quantum cryptography for 10 years and is currently working with Professor Susilo. He says governments are spending money on developing quantum computing, but the focus needs to be foremost on the preparedness for the technology.
So, is Australia ready for the age of quantum computing? Professor Susilo says, yes and no.
“Yes, we can import talent, but I would like to see more graduates from Australian universities,” he says.
With Professor Susilo predicting that quantum computing is between 10 to 15 years away, it’s interesting to think that in 1997 a computer scientist at the Xerox PARC computer research centre predicted that many people would have a notebook-size computer within a decade or so.
Professor Willy Susilo
Master of Computer Science, UOW 1996
Doctor of Philosophy (Computer Science), UOW 2001
Chris [Surname withheld]
Bachelor of Computer Science (Digital Systems Security), UOW