As things stand, we expect that the encryption that underlies the security of the world’s current cyber infrastructure will be undermined by the advent of quantum computing. It has been estimated that there is a 1/7 chance that quantum computers will be able to break deployed public-key cryptography by 2026, and a 1/2 chance by 2031.
A number of Canada’s international peers have acknowledged this approaching threat and taken steps to respond. For example, in 2015 the United States National Security Agency announced its intention to migrate to quantum-resistant technologies.
Canada has acknowledged the threat, but must also respond vigorously and proactively, and migrate from traditional encryption to new, quantum-resistant cryptography. If we don’t, our national security will be jeopardized as government, communication, electrical power and other critical infrastructure systems become vulnerable to hostile actions because of weak cryptography.
The challenge is that the necessary suite of mature and tested quantum-resistant cryptographic algorithms is not yet available. Nor are the technologies and tools based on them. Nor are the cybersecurity experts with quantum-safe skills who will use the tools to diagnose each system separately, determining what needs to be done to ensure that it is quantum-resistant.
Scientific research is underway to discover and test quantum-resistant algorithms, and to use the properties of quantum mechanics to create new forms of cryptography such as quantum key distribution (QKD). In time, products of this research will be incorporated into a number of new tools and commercialised. And, in time, a number of cybersecurity professionals with quantum-safe skills will emerge from colleges and retraining programs. Yet without a strong impetus to focus efforts and resources on a long-term campaign to meet the potentially catastrophic quantum threat, the response will be woefully inadequate – too little and too late.