A new report by the consulting firm Booz Allen Hamilton on China’s steady push for quantum supremacy is making waves on Capitol Hill and in board rooms across the country.
This isn’t surprising. The report’s conclusions echo what we’ve repeatedly been warning and writing about in this column, and why I founded the Hudson Institute’s Quantum Alliance Initiative (QAI) nearly three years ago. With Booz Allen’s name attached to the warning label, the imperative to take seriously a future quantum threat from China now has additional cachet and reach.
Nonetheless, the report doesn’t just underscore the QAI thesis, that ”the anticipated cracking of encryption by quantum computers must be treated as current threat” and that “most of quantum computing’s potential lies more than a decade in the future—but risk management must start now.” It also produces some new insights that make for scary and sobering reading.
At the same time, there’s some good news for the quantum skeptic or the What Me Worry About Quantum? crowd. Despite the huge amount of money and resources China has poured into the quantum effort (a $11 billion research facility in Anhui province, plus Ali Baba’s $ 15 billion commitment); and the clear focus on quantum supremacy as a national priority, China is no further along than anyone else in creating the large-scale quantum computer that will be capable of cracking open existing public encryption systems. BAH’s estimates of when to expect that breakthrough hover around 2030 and 2033—no great surprise—although at least one expert touts it coming as early as the late 2020’s. Others see nothing on the horizon until 2040.
But the report’s authors also acknowledge that, as with all technologies, quantum science doesn’t advance in a straight predictable line. “Changes in quantum computers will likely appear dramatically rather than as some smooth evolution—creating substantial exposure to strategic surprise as a major source of risk.” That includes the real possibility of a breakthrough that confounds the experts and makes us all accelerate our own time-lines for becoming quantum secure.
BAH has some interesting insights into the quantum threat that exists right now, and what China is planning to do with it.
That issue is data harvesting, or what we might the “steal now, decrypt later” strategy. In China’s case, that threat manifests itself by stealing data to feed a concerted move toward quantum simulation in which classical and quantum computers work together on a specific problem, e.g. decryption, with the classical computers managing the big data sets and quantum computer executing the hardest part of the exercise. China has set 2025 as its deadline for quantum simulators that can outperform classical computers, which means Beijing will have “a growing interest in stealing data to feed quantum simulations.”
The threat, of course, doesn’t stop there. The second phase is stealing encrypted data with the goal of decrypting when the technology is finally ready. This is because any data stolen today that doesn’t have quantum-resistant encryption will “be eventually accessible to an adversary with a large-scale quantum computer.” This constitutes a breakthrough of “unfathomably immense” value, according to one NSA official, “allowing the decryption of current and historical data collected over years, held in anticipation of this capability.”
Booz Allen concludes “Chinese actors may soon increasingly target encrypted data with intelligence [value] in anticipation of future quantum decryption capabilities.” That doesn’t mean government secrets like intelligence community sources and methods, weapons systems and specifications, and classified and sensitive data of all kinds. It includes corporate secrets like intellectual property and business models and privileged client information—everything an upstart rival Chinese firm needs to become a market colossus overnight after decrypting the competition’s crown jewels. For all these reasons, China’s data harvesting “creates immediate security risk for classified and sensitive data of long-term value.”
Conclusion? “The anticipated cracking of encryption by quantum computers must be treated as a current threat.” As we’ve been arguing all along at QAI, this is because the timeline to protect data and networks from quantum intrusion will be almost as long. The reports notes, for example, upgrading system to the National Institute of Standards and Technology’s long-awaited standards for quantum-resistant algorithms “will have a very long timeline” that will “necessitate highly disruptive changes to communications protocols, schemes, and infrastructure over at least a decade” (my emphasis).
Fortunately, as we’ve illustrated with our Executive Guides to quantum technology, companies already exist in the U.S., Canada, Australia, and Europe that already offer solutions that are quantum-resistant and/or quantum-based, which can protect against present as well as future quantum cyber threats.
All this reinforces the point that attention to quantum readiness and quantum security must become a national priority, not just for government but for companies and institutions that don’t want to be caught with their data and networks burning down, because they ignored an earlier fire alarm.
Read in Forbes