Data transfer and file transfer technologies have long been the backbone of how businesses share information securely across networks. So, when it comes to the topic of Quantum Computing - which is no longer just the stuff of science fiction - it becomes clear a technological revolution is on the horizon, poised to redefine the way we process and secure data. To unpack this fascinating and complex subject, we sat down with the expert at Diplomat MFT, Greg Hoffer, Chief Executive Officer at Coviant Software, to tackle the big questions: What is Quantum Computing? How does it work? And what does it mean for the future of data transfer and managed file transfer technology?
What is Quantum Computing? How does it work and how is it Evolving?
Quantum Computing is a way of processing data using qubits rather than bits. Bits are binary (1 and 0) and can only exist in only one state, whereas qubits can exist in multiple states simultaneously. That means, a computer processor running with qubits can perform calculations at speeds, that are exponentially faster than even the fastest standard computer can manage. Thus, a complex problem that might take a standard computer thousands of years to solve could be solved by a Quantum Computer in a matter of minutes.
The advances are not only in the speed at which Quantum Computing can perform calculations, but also in the algorithms for determining answers, using the completely different mechanisms for representing information that is offered by the superposition capabilities of qubits.
Viable quantum computing has two major problems to overcome:
-
Determining the state of a qubit at any moment
-
Instability of the computing platform when exposed to common physical disturbances like heat and vibration leading to errors. Many error correcting techniques are being applied (and invented) to overcome this
What Industries will be Most Affected by Quantum Computing and are there Associated Regulations?
The algorithms on which today’s public key cryptography are based are, essentially, extremely complex mathematical problems that it would take thousands of years for a standard computer to solve. For that reason, public key cryptography is a safe way to encrypt data today. Every industry uses public key cryptography to safeguard data. What’s more, the public infrastructure on which data is transmitted is secured by public key cryptography. Every phone call, financial transaction, text message, email, business or medical file transfer moves along that infrastructure. But by using a Quantum Computer, it would be easy to intercept encrypted files and communications and crack the encryption code, putting all digital data at risk of compromise.
Quantum Computing provides a sea change in how computations are performed, allowing for completely new approaches to solving problems. Regarding cryptography, a foundational element of keeping data secure is based upon the mathematical complexity of factoring very large prime numbers. The RSA and Diffie Hellman cryptography mechanisms are based upon this fact. A modern computer attempting to find the prime factors of a 2048-bit RSA key would take 300 trillion years (because the algorithm is exponentially hard (10^34 steps on a 1 ThZ computer è 317 trillion years). However, using clever algorithms on a functioning Quantum Computer with 4099 stable qubits can break RSA-2048 in only 10 seconds (10^7 steps).
Another significant threat is digital signatures. These rely upon the same complex maths, so a Quantum Computer can trivially forge digital signatures. Contracts, loan agreements, identity/authentication credentials, Bitcoin wallets, etc. are all threatened by Quantum Computing!
Elliptic Curve cryptography uses different maths for determining keys, and currently do NOT suffer from the same threat as RSA and DH; however, clever mathematicians are hard at work and there is no guarantee this remains safe for long in the face of Quantum Computing advancements.
How does Quantum Computing Apply to Managed File Transfer Technology?
When files are transferred using a secure, managed file transfer solution like Diplomat MFT, they are first encrypted to ensure that only the recipient can understand and use the data. A Quantum Computer would render that encryption useless for the same reason.
Many very smart people are aware of the existential threat that quantum computing poses to digital security. The U.S. National Institute of Standards and Technology (NIST) recently adopted new standards for “post-quantum cryptography,” or a new way to encrypt data that would, in theory, be unsolvable using a Quantum Computer. Coviant Software follows these developments closely and has kept pace with these standards so that our Diplomat MFT solution can support them. Diplomat MFT currently supports “quantum resistant” elliptical curve cryptography, and we will support the newer standards in our next product update.
The problem is, post-quantum standards developed today can’t be tested against the power of an actual quantum computer, and so they are only theoretical. They might be easily broken.
How is Diplomat MFT Evolving to Remain Up-to-date with the Evolution of Quantum Computing and Quantum-Resistant/Post-Quantum Cryptography?
This is important because there are many threat groups—both cybercriminal and state-sponsored organisations—currently engaged in a practice known as “Quantum Harvesting.” They are intercepting and storing encrypted data now in anticipation of a day when they will be able to open and read those files using a Quantum Computer. That harvesting includes government and military secrets, financial records, intellectual property and more.
Any, and all network traffic can be "sniffed" and stored in anticipation of Quantum Computing becoming stable. At that point, all sniffed traffic can be trivially broken and the contents easily discovered. This probably doesn't matter for things like website visits (unless you don't want people to know you were visiting Ashley Madison, e.g.), but what about online purchases (credit card/PayPal/Venmo/etc. info), messaging apps (iMessage, Signal, Snapchat, etc.), or even file contents sent over SSL/SSH, even PGP encrypted files or files encrypted at rest (e.g., S3 or Azure Blobs). Nothing is safe!
Quantum Computing: How Close Are We?
Most experts believe we are anywhere from five to twenty years from the development of a viable quantum computer. But billions of dollars are being invested in quantum innovations and it would be foolish to bet against the efforts of these very smart people. And some estimate that it will take years to fully transition from standard public key cryptography to workable algorithms that are unbreakable even in a post-quantum world.
The point is: Quantum Computing poses an existential threat to our current digital security standards, but the benefits to humankind far outweigh the risks. We can cheer on those who will one day make quantum computing a reality so long as we are diligent in our preparations to guard against its misuse.
What to do in the meantime?
I. Assess use of cryptography throughout your organisation (SSL/TLS, SSH, PGP, Zip, Digital Signatures, Smart Cards, DNSSEC, Disk Encryption, etc.) to understand what is currently used and what can be further protected (e.g., switch to Elliptic Curve crypto)
II. Keep up to date on advances in Quantum Computing, e.g. NIST
III. Apply Quantum Safe crypto everywhere possible, be ready to mandate it
