“The reality of quantum computing is probably 10 to 15 years away, yet it merits our attention now,” says Dr Seungyun Lee of the joint committee on information technology (JTC1) set up by IEC and ISO.
“The excitement in the industry for this new paradigm of computer hardware is understandable, given the promise of far greater computational power with whole new multidimensional capabilities.”
The technology looks set to bring massive benefits, such as accelerating medical research, making advances in artificial intelligence and perhaps even finding answers to climate change. But it also poses a huge risk for some of our most sensitive data. Quantum computers will be powerful enough to crack the encryption codes that currently protect all our sensitive data, from mobile banking to medical records. That is because the science of cryptography is at the heart of cyber security.
Mobile phone calls, messaging and online banking all rely on complex mathematical algorithms to scramble information in order to protect it from malicious hackers, spies and cyber criminals. It is no exaggeration to say that there would be no confidentiality or security online without encryption and that many of the operations we take for granted today would no longer be feasible. Faced with increasing cyber attacks against critical infrastructure — including but not limited to power utilities, transport networks, factories and the health care industry — encryption is evolving to meet the threat.
The most prevalent system nowadays is public key encryption. It works by giving users two keys: a public key, shared with everyone, as well as a private key. The keys are large numbers that form part of an intricate mathematical algorithm that scrambles a user’s messages. The sender encrypts a message by using the receiver’s public key in order that only the intended recipient can unlock it with her or his private key. Even though the public key is freely available, the numbers involved are sufficiently large to make it very difficult to reverse the encryption process with only the public key.
As computers become more powerful, however, and in the face of rogue states with the technology resources to pose a more serious threat, cryptographers are turning away from mathematics and looking to physics — specifically the laws of quantum mechanics — to achieve greater security. Wikipedia defines quantum cryptography as “the science of exploiting quantum mechanical properties to perform cryptographic tasks.”
That is because quantum cryptography is based on the behaviour of quantum particles, which are smaller units than molecules. For example, an encryption system called quantum key distribution (QKD) encodes messages using the properties of light particles.
The only way for hackers to unlock the key is to measure the particles, but the very act of measuring changes the behaviour of the particles, causing errors that trigger security alerts. In this way, the system makes it impossible for hackers to hide the fact that they have seen the data.
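The detection principle described above can be shown with a small classical simulation. This is an added example, not part of the original article: it assumes the BB84 protocol (one QKD scheme, which the article does not name), a simple intercept-and-resend eavesdropper, and an illustrative 11% error-rate alarm threshold.

```python
import random

QBER_ALARM = 0.11  # assumed abort threshold for the error rate (illustrative)

def bb84_error_rate(n_photons, eavesdrop, seed=0):
    """Simulate BB84 sifting; return (sifted_key_length, error_rate).

    Uses Python's non-cryptographic PRNG, which is fine for a simulation
    but not for generating real key material.
    """
    rng = random.Random(seed)
    sifted = errors = 0
    for _ in range(n_photons):
        bit = rng.getrandbits(1)       # sender's raw key bit
        a_basis = rng.getrandbits(1)   # 0 = rectilinear, 1 = diagonal
        photon_bit, photon_basis = bit, a_basis
        if eavesdrop:
            e_basis = rng.getrandbits(1)
            # Measuring in the wrong basis gives a random result and
            # destroys the original state.
            if e_basis != photon_basis:
                photon_bit = rng.getrandbits(1)
            photon_basis = e_basis     # photon is re-sent in the measured basis
        b_basis = rng.getrandbits(1)   # receiver picks a basis at random
        if b_basis == photon_basis:
            b_bit = photon_bit
        else:
            b_bit = rng.getrandbits(1)
        # Sifting: both sides publicly compare bases and keep matches only.
        if a_basis == b_basis:
            sifted += 1
            errors += int(b_bit != bit)
    return sifted, (errors / sifted if sifted else 0.0)

def channel_compromised(n_photons, eavesdrop, seed=0):
    """True when the measured error rate exceeds the alarm threshold."""
    _, qber = bb84_error_rate(n_photons, eavesdrop, seed)
    return qber > QBER_ALARM

if __name__ == "__main__":
    for tapped in (False, True):
        kept, qber = bb84_error_rate(20000, tapped)
        print(f"eavesdropper={tapped}: sifted={kept} error_rate={qber:.3f} "
              f"alarm={qber > QBER_ALARM}")
```

On an untouched channel the sifted key has no errors, while measuring every photon pushes the error rate to about 25%, well above the alarm threshold.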
The threat is so great that scientists are urging organizations to start looking at and adopting quantum encryption systems. Quantum computers may not be available for another decade, but quantum cryptography has already been available for a few years.
Quantum cryptography is an area of interest for two key expert groups at the IEC:
- IEC Technical Committee (TC) 65 on industrial-process measurement, control and automation, which is responsible for the IEC 62443 series of standards on industrial communication networks system security.
- ISO/IEC JTC 1/Subcommittee 27, which is best known for the ISO/IEC 27000 series of IT cyber security standards.
The joint technical committee set up by IEC and ISO is currently preparing a report on quantum computing. The study will provide context and analyze trends, including the latest developments in technology and activities in the open source community. It is expected that the report will recommend creating an International Standard on quantum computing as soon as possible. Such a standard would cover concepts and terminology in order to facilitate better communication and understanding in industry, academia, governments and standards committees.