Scientists predict that quantum computers will eventually be able to solve incredibly complex computational problems much faster than any technology we have today. They could bring massive benefits, but the technology also poses a huge risk for some of our most sensitive data.
Quantum computing could accelerate medical research and facilitate the modelling of climate change, but they will also be powerful enough to crack the encryption codes that currently protect all our sensitive data, from mobile banking to medical records. That is because the science of cryptography is at the heart of cyber security.
Mobile phone calls, messaging and online banking all rely on complex mathematical algorithms to scramble information in order to protect it from malicious hackers, spies and cyber criminals.
It is no exaggeration to say that there would be no confidentiality or security online without encryption and that many of the operations we take for granted today would no longer be feasible. Faced with increasing cyber attacks against critical infrastructure — including but not limited to power utilities, transport networks, factories and the health care industry — encryption is evolving to meet the threat.
The most prevalent system nowadays is public key encryption. It works by giving users two keys: a public key, shared with everyone, as well as a private key.
The keys are large numbers that form part of an intricate mathematical algorithm that scrambles a user’s messages. The sender encrypts a message by using the receiver’s public key in order that only the intended recipient can unlock it with her or his private key.
Even though the public key is freely available, the numbers involved are sufficiently large to make it very difficult to reverse the encryption process with only the public key.
As computers become more powerful, however, and in the face of rogue states with the technology resources to pose a more serious threat, cryptographers are turning away from mathematics and looking to physics — specifically the laws of quantum mechanics — to achieve greater security. Wikipedia defines quantum cryptography as “the science of exploiting quantum mechanical properties to perform cryptographic tasks.”
Computers store data using two states: on or off. These are called bits and are represented as a 1 or a 0. Quantum bits have more states that are changing continuously.
That is because quantum cryptography is based on the behaviour of quantum particles, which are smaller units than molecules. For example, an encryption system called quantum key distribution (QKD) encodes messages using the properties of light particles.
The only way for hackers to unlock the key is to measure the particles, but the very act of measuring changes the behaviour of the particles, causing errors that trigger security alerts. In this way, the system makes it impossible for hackers to hide the fact that they have seen the data.
The threat is so great that scientists are urging organizations to start looking at and adopting quantum encryption systems. Standardization experts are already working on standards to make this process easier.
Quantum cryptography is an area of interest for two key expert groups at the IEC:
- IEC Technical Committee (TC) 65: Industrial-process measurement, control and automation, which is responsible for the IEC 62443 series of standards on Industrial Communication Networks – Network and System Security.
- ISO/IEC JTC 1/Subcommittee 27, part of the Joint Technical Committee (JTC) set up by the IEC and the International Organization for Standardization (ISO) to work on International Standards for information technology. SC27 is best known for the ISO/IEC 27000 series of Standards.