Robert Morgus is a senior policy analyst and Justin Sherman is an intern with New America’s Cybersecurity Initiative.
Secrets matter, and exposing them can shake the world. In the last decade, the world has witnessed Wikileaks’ publication of US diplomatic cables, Edward Snowden’s classified NSA documents, and the Panama Papers that disclosed tax avoidance strategies for the rich and the famous.
Take a moment to imagine a global leak, an explosion of data unlike anything the planet has yet seen, where the innermost secrets of virtually every government, corporation, and entity on the planet are thrown open. Then combine this with the collapse of all trust on the internet.
What would result is an undeniable destabilization of cyberspace and arguably geopolitical stability. Although it would be preferable to brush it off as some dystopian vision from the latest Netflix series, quantum computing could make it a reality.
What is quantum computing?
Quantum computing promises to revolutionize information processing, creating incredibly powerful computers (although not replacing current ones). Quantum computers use quantum bits (or qubits)—which can be held in multiple states—to store information, rather than the traditional 1s and 0s (which are in a single state). This allows each qubit to hold exponentially more information. A quantum computer may process qubits at the same rate, or even slower, than a conventional computer would process a regular bit, but because each qubit contains so much more information, a quantum computer has to process fewer qubits to reach its output. Thus, the improvement is “not in the speed of the operation…but in the number of operations needed to reach a result.”
What this means is that quantum computers with enough qubits will be able to quickly untangle problems that would take a traditional computer decades or centuries. These computers don’t exist yet, but they are theoretically possible. In some instances, quantum computers may be able to perform tasks that are currently impossible altogether, like creating ultra-efficient supply chains, modeling geopolitical risk, and turbocharge artificial intelligence. This can be used for immense good, but, like many technologies, it may also have devastating consequences, such as breaking all public key encryption, reducing the value of private key encryption, and threatening to expose the world’s secrets. Some may favor the radical transparency this would bring, but it would also greatly damage the way individuals trust online interactions.
The threat to the internet
Current quantum computers are not able to untangle the complexity of molecular interactions or factor large prime numbers. However, in the future, quantum computing may be able to do just that. And because a sufficiently powerful quantum computer could run Shor’s algorithm and factor complex prime numbers, encryption would be of limited utility.
Asymmetric (or public key) encryption—the primary means of establishing the trusted relationships over the internet that underpin e-commerce and any other interaction that requires trust between users—would no longer ensure that trust. Symmetric (or private key) encryption of certain key lengths, which largely guards data stored “at rest” (in databases and the like), could likewise be threatened. In short, it would mean the end of: (1) encrypted state and commercial secrets and (2) trusted computing connections.
What should be done about it?
There is incredible destabilizing potential if this powerful technology falls in the wrong hands. As Representative Will Hurd said last year, “In the same way that atomic weaponry symbolized power throughout the Cold War, quantum capability is likely to define hegemony in today’s increasingly digital, interconnected global economy.” When a new technology arises that poses a threat to strategic stability, arms control—where nations self-regulate the development and use of a technology—is often a logical solution.
However, arms control may not be effective for quantum computing for a number of reasons. To name a few, quantum computing’s effects don’t physically harm people as easily as most weapons technologies and corporations and academic institutions have access to quantum devices in addition to nation-states, which means agreements between countries cannot safely control quantum computing. Arms control has only ever arguably worked where the means to develop or arrest development has rested squarely in the arms of states. Nonetheless, work to establish trust between developers and ensure that quantum computing technology does not fall into the wrong hands is feasible.
However, recognizing the inability of arms control to adequately prepare for quantum computing, the best solution is hardening devices, systems, and networks against its threats. Cryptologists are developing “post-quantum” (or “quantum-proof”) encryption algorithms resistant to these new computers’ attacks. Although these efforts are in some ways reassuring, this won’t be enough: these algorithms must still be implemented worldwide before the moment a powerful quantum computer is developed.
In the case of asymmetric key encryption, quantum-proof upgrades are required to protect internet communications. The same is required for symmetric key encryption—perhaps achieved by substantial increases in key length—to guard information stored on hard drives and servers.
Governments, corporations, and academics should accelerate the development of quantum-proof encryption, and they should push its implementation within their own jurisdictions. U.S. policymakers, for instance, could use the federal acquisition regulation (FAR) to push quantum-safe encryption in federal agencies and across the defense industrial base.
The global reaction to quantum computing’s dangers should neither be utter panic nor technophobia; such responses are not only misplaced but almost never lead to optimal outcomes. However, policymakers need to quickly address this emerging technology and the very real threats it presents. The world will be safer as a result.