Governments and corporations need to start thinking about quantum era security right now, says Waterloo researcher
David Jao
Professor, Faculty of Mathematics
> David R. Cheriton School of Computer Science, Cross-Appointed
> Chief Cryptographer, EvolutionQ Inc.
> Director, Centre for Applied Cryptographic Research
Along with all the exuberance about the potential of future quantum computers, there are worries.
Quantum computers might help researchers simulate and develop new drugs or novel material designs, but that power could also be used to literally break the internet.
Governments and corporations need to start thinking about quantum era security right now, says David Jao, who leads a large research group in “post-quantum” cryptography at the University of Waterloo and is also the chief cryptographer at a Waterloo startup, evolutionQ Inc.
A hostile government or group could develop a quantum computer, so implementing quantum-safe security right now is imperative, says Jao, a professor in the Department of Combinatorics and Optimization in Waterloo’s Faculty of Mathematics.
“If we don’t do anything, it would be like going back to the old days when there was no computer security,” Jao says. “It could break all the encryption we have today, all the public key encryption, which affects almost everything.”
EvolutionQ, which was co-founded by Michele Mosca, a professor in the Faculty of Mathematics and member of the University of Waterloo’s Institute for Quantum Computing (IQC), is helping government agencies, corporations and organizations prepare for that quantum future.
Even if an encryption-breaking quantum computer is 10 or 20 years away, it is not too early to start making secrets quantum secure, Jao says.
A lot of information we are generating right now, like health records, has to be kept for many decades. So, unless we re-encrypt all of that, it could be exposed if a quantum computer were built 10 years from now.
Also, it takes many years for large government agencies, banks and industries to switch over to any new encryption system. “It’s not just a matter of flipping a switch and it happens overnight,” Jao says.
Jao works on “post-quantum cryptography” algorithms, which is software based on what we know a quantum computer of the future might be able to do. “Even though we don’t have these quantum computers yet, we can predict what they should be able to do from the laws of quantum mechanics,” he says.
Jao has developed a new type of post-quantum cryptography that is a variation of the elliptic-curve cryptography (ECC) approach to public-key cryptography that is in use today.
Although there are not yet quantum computers to test it out on, his approach has been put through computer simulations and it looks like it is going to work. “It is a more complicated encryption that, as far as we know, should be safe against quantum computers.”
The big job is to convince governments, the financial industry and major corporations to start taking the quantum future seriously and that’s what evolutionQ is trying to do.
The U.S. government’s National Security Agency (NSA) and National Institute of Standards and Technology (NIST) have already put out statements saying that the next set of cryptography standards will need to be quantum secure, so that in itself should be taken as a warning, Jao says. “We are saying that this is coming and we can help you if you like.”
Feature image photo credit: truelight/iStock/ThinkStock
