This technology promises an exponential leap in processing power, with the potential to crack many of today's encryption algorithms. However, it also offers exciting opportunities to enhance firms’ cyber security.
The key to understanding why is understanding that quantum computers use quantum phenomena. Regular computers use clear rules (1s and 0s) to solve problems. But for uncertain things, like guessing outcomes, they’re not great. Quantum computers use tiny particles (qubits) that can be both 1s and 0s at the same time. This lets them check all the guesses at once, making them very powerful for these uncertain problems. (Find out more using this explainer from the FT).
This dynamic means that the raw processing power of traditional computers increases proportionally with the number of capacitors or bits, whereas a quantum computer becomes exponentially more powerful with every qubit. Hence, they are far more efficient at solving very complex problems that supercomputers might have difficulty with. For example, in 2019 Google claimed that its quantum computer had completed a calculation 158 million times faster than the fastest supercomputer.
Quantum computing’s threat to cyber security
The most significant threat quantum computing poses to cyber security is its ability to break widely used encryption techniques and standards such as RSA, AES and ECC.
Current encryption methods rely on the difficulty of factoring large numbers into their prime components without a ‘key’. It would take a standard computer dozens or even hundreds of years to break current industry-standard encryption. These problems are ones that a quantum computer could solve exponentially faster through probabilistic algorithms – potentially within a matter of minutes. This means that data encrypted with these methods today may become vulnerable to decryption in the future when quantum computing becomes commercially viable.
With encryption compromised, hackers could gain access to valuable data, including bank accounts, transactions and confidential business records. This exposure to data theft or manipulation also raises the spectre of financial fraud, corporate espionage or even sabotage of critical systems.
Opportunities quantum computing offers
As the technology continues to emerge and the risks it poses are better understood, new fields are emerging to protect or mitigate these risks.
Quantum-safe or post-quantum cryptography is a field dedicated to developing encryption methods that can withstand quantum computing attacks. The Institute of Electrical and Electronics Engineers has published a quantum-safe public key cryptographic standard and the US Department of Commerce’s National Institute of Standards and Technology has also published a number of encryption algorithms, which are designed to be quantum-safe. Accountants can begin preparing for this quantum future by adopting or asking third parties to adopt these encryption techniques.
Quantum computers could also be used to enhance cyber security. Quantum key distribution uses quantum phenomena to generate unbreakable encryption keys and a line of communication that can detect when a third party is trying to gain knowledge of these keys. This technology has already been tested and expanded by the United States Defence Advanced Research Projects Agency and separately by the Chinese and Austrian governments. The latter was the first video call enabled by such a network and the proof of concept of what is intended to be a global quantum encrypted network by 2030.
Similarly, it is believed that these machines could use their immense computational power to process large data sets faster and more efficiently. As a result, they could be well suited for the detection and identification of anomalies in a system to better combat fraud and identify hostile actors on systems. Or they could be used to enhance risk modelling given that many risk models are probabilistic in nature.
The role of accountants in quantum-enhanced cyber security
Quantum computing presents both risks and opportunities for cyber security in our profession. The threat to encryption should not be underestimated, but the promise of quantum-safe cryptography, quantum cryptography, faster data analysis, and enhanced risk assessment offer exciting possibilities to be considered.
As quantum computing continues to evolve, accountants and financial professionals have a crucial role to play in ensuring the security of data. Some steps you can take are:
1. Keep informed: staying up to date with developments in quantum computing and quantum-resistant cryptography is the first step to making informed decisions about data security. The National Cyber Security Centre has a white paper on cryptography methods that are quantum-resistant. However, a key point of guidance is that further clarity is needed from standard-setters on which methods can optimise for security and performance.
2. Implement quantum-safe methods: adopt quantum-resistant encryption methods upon the release of standards and begin flagging these methods to third parties.
3. Collaborate with cyber security experts: work closely with experts to develop comprehensive strategies for quantum-enhanced cyber security.
ICAEW will be hosting Information Commissioner Jonathan Edwards on 6 November. The Commissioner will be speaking on the challenges that emerging technologies and in particular AI pose for existing data protection and privacy laws. Book here to attend.
Cyber security awareness
Each year ICAEW marks global Cyber Security Awareness month with a series of resources addressing the latest issues and how to protect your business.