Unique challenges for National Security guarding secrets in a Quantum world
THE RISE OF THE QUANTUM SUPREMACY RACE
Emerging quantum computers present a set of unique challenges for national security. National security is a complex and multifaceted domain, and various challenges arise due to technological advancements, geopolitical shifts, and evolving global threats.
With tens of billions of dollars of investment, nations are racing to develop quantum capabilities, producing an “arms race” reminiscent of the nuclear arms race of the 20th century. For major powers like the U.S. and China, it is not just about achieving a technological milestone. It's intertwined with global power dynamics, national security, technological supremacy, and economic dominance — making it a central concern for policymakers, technologists, and strategists worldwide.
Mastery in quantum technology will establish a country as a global leader in the next wave of tech innovations. This supremacy can influence other nations' policies and alliances, similar to how nuclear dominance did in the 20th century. Technological leadership often translates to increased soft power, influencing global culture, education, and diplomacy. Winning the quantum race will no doubt enhance a country's global image and leverage.
Quantum computing promises breakthroughs in various fields, from drug discovery to financial modeling. The nation that leads in quantum technologies will potentially dominate these sectors, reaping significant economic benefits. Further, quantum technologies have applications in radar, sensors, and communication systems which will provide major advantages in military and intelligence applications such as surveillance, defense, and warfare.
THE QUANTUM THREAT: SILENT CHALLENGES LOOM
National security faces unique challenges from emerging large-scale quantum computers. Quantum computers have the potential to break many of the cryptographic systems currently in use. A nation with a sufficiently powerful quantum computer could decrypt sensitive and classified communications of other nations, gaining a significant intelligence advantage.
With the ability to break traditional encryption in the future, adversaries are intercepting sensitive communications today for decryption later. This is the “Harvest Now, Decrypt Later” strategy which has the potential to lead to devastating intelligence breaches resulting in significant intelligence disadvantage.
MUCH IS AT STAKE
While NSA and other DoD entities are closely following the cryptographic landscape and looming threats, many other parts of government are less informed. The U.S. Government (USG) has LOTS of sensitive data requiring protection for a long time (10+ years). USG classifies a wide range of information to protect national security, the economy, and the safety of its citizens.
Executive Order 13526 governs the classification, safeguarding, and declassification of national security information across the U.S. departments and federal agencies. The default declassification time is 10 years, but certain information is marked to remain classified for up to 25 years. Exceptionally sensitive information is classified for even longer! There is a huge variety of sensitive USG data for which it is essential to provide long-term protection.
- National defense information, including military strategies, weapons systems, intelligence operations, and defense technologies have long term value. This includes how intelligence is gathered, and human sources.
- DoE has data related to the design, manufacture, or use of nuclear weapons or related materials that can remain classified indefinitely!
- Health and Human Services handles various types of enduring confidential records: personal health information, child and family services, disease surveillance data, biological and chemical threat data.
- Treasury and Federal Reserve operations can have classified financial information that if disclosed, could impact national security or economy.
- There is sensitive technological research and cutting-edge advancements within DoD, NASA, DOE, National Laboratories NIH, DARPA.
- DOJ handles highly sensitive information in specific contexts related to investigations on counterterrorism, counterintelligence operations, information related to cyber threats, cyber espionage, and cyberattacks against U.S. infrastructure, organized crime, drug trafficking details, witness security program, and FISA orders.
- Personal information about government employees, military personnel, or contractors, especially those with security clearances, need to be protected for a lengthy time.
- Official Personnel Folders contain records that cover an individual's employment history with the U.S. Government. The folders are transferred to the National Personnel Records Center and retained for 65 years from the date of separation.
- Employee Medical Folders are retained for 30 years.
- Security Clearance Records are retained for 15 years, while others are kept for the duration of the individual's clearance.
- Retirement Records are retained indefinitely or until they are no longer needed.
UNKNOWN TIMELINE FOR CRYPTOGRAPHIC SECURITY
Quantum computing holds the most promise and the implications for businesses and governments are colossal. Many technological advances are needed to realize significant quantum computing capabilities. There is no consensus on when quantum computers will be able to scale to sizes needed that threaten cryptographic security. There are many approaches to quantum computing - all of which continue to make promising progress!
- Superconducting qubits are actively pursued by IBM, Google, and Rigetti
IBM predicts 1000 qubits by 2023, and 1 million qubits in 2030
Google predicts 1M qubit device by 2029
- IonQ and Honeywell are working on Trapped Ion quantum computers.
IonQ predicts 1024 algorithmic qubits by 2028.
- Microsoft is a proponent of the fault-tolerant Topological qubits.
- Atom Computing is building quantum computers using Optically Trapped neutral atoms.
- PsiQuantum is creating an error-corrected quantum computer based on Photonic qubits.
PsiQuantum predicts a million photonic qubits by 2025
Is the actual timeline even relevant? Whether a quantum computer is realized in 5 or 10 or 25 or 45 years away, USG has a problem TODAY - a big problem.
Here’s another question: What if a future quantum computer is NOT required to break today’s public key cryptography? In other words, is there a possibility that other computing schemes could break current cryptographic systems. In 2020, a 829-bit RSA number was factored using open-source software, with a total computation time of ~2700 core-years, using Intel Xeon Gold 6130 CPUs (16 cores, 2.1GHz). An estimate based on Moore's Law would put computer calculations per second, per $1,000, at 10^23 (equal to all human brain power globally).
There is a plethora of next-generation computing from next-generation micro-electronic components to quantum-based to neuromorphic, optical, and biological computing. Large corporations as well as startups and research institutions around the world are working on these next-generation technologies. For instance, CatalogDNA, known for storing information in DNA, is now working on enabling massively parallelized computing using nucleic acid.
New computing paradigms will change computing and it’s unlikely that there will be only one winner. Instead, multiple technologies, each domain specific, will likely work as part of hybrid systems in previously unimaginable ways. The field is dynamic, with new players ever emerging and existing ones making continuous advancements.
SOLVING THE ENCRYPTION DILEMMA
Famously, in WWII, the German Enigma machine, while formidable, was compromised due to poor policy which led to operator error. This squandered Enigma’s advantage. Whereas the British were incredibly well-organized leveraging 10,000 people to break codes and read communications with arguably less advanced technology. Smart, forward-thinking policies can drive technological advantage, even when the technology is simple. Conversely, even the most advanced technologies can be rendered ineffective if they're hamstrung by poor policies.
There is an analogy here of quantum-safe security. Sophisticated lattice algorithms may be formidable and may also be compromised due to poor implementation and complexity - squandering the mathematical advantage. Whereas the mature, symmetric ciphers can be incredibly effective for a defense-in-depth approach for the future of cybersecurity.
Arqit’s Symmetric Key Agreement leverages block ciphers such a s AES256, Ascon, or a custom bring-your-own stream cipher. This approach limits complexity (i.e., the enemy of security) while providing agility, low-risk to implementation vulnerabilities, low latency, and scalability in a standard-compliant fashion today.