Security in a post quantum world: Our first glimpse of a radical future in computing
In 1814 Pierre-Simon Laplace published an essay about the philosophy of probabilities, in which he pondered a type of intelligence that could analyse the position and direction of every object in the universe. Such intelligence would then be capable of predicting the entire future of the world, a possibility known as determinism, which has been essential in scientific thinking for over a century. It wasn’t until quantum theory emerged however, that it was suggested that determinism might not be real, and that instead we live in an ‘indeterministic’ world with the gift of free-will. To this day, people are still debating the issue, with the switch in thinking having never been quite as pressing as it is today. The impact of this train of thought on technology is something that I will explore in depth in this three-part series on securing the post quantum world.
Solving the world’s critical problems
Quantum computing is becoming more widely adopted, and we’ll soon see new quantum technologies such as quantum sensing and quantum internet radically changing our world. It means that for the first time in our history, we are implementing tools in our society that are indeterministic, with indeterministic challenges. However, this is at odds with how most people want to view the world and perceive things as certainties rather than the opposite. It is therefore difficult to imagine that by 2035-2040, our quantum world will enable many, if not most, of the things we use due to this indeterministic world. A quantum world that will help us fight global warming, chemical and material challenges, offer new financial tools, and enable us to view society with an added dimension. Regardless of whether we like it or not, we have been given an amazing new toolbox unlike we’ve ever had before; and we now need to unlock this technology’s potential to our advantage.
One of the main difficulties of quantum computing is that it radically changes our definition of “hard calculations” in computing. It also introduces a large insecurity about how future threats will affect us. The uncertain nature of security means that “just changing the encryption types” might not be the future-proof solution we’d like it to be. After all, trust is something we typically need safeguarding for our lifespan, and often even many decades after we have died. This requirement will not change, so we need to change our approach on how to ensure it, even in this brave indeterministic new world.
Trust as it always has been
Trust and security are deeply intertwined in the modern world. If I trust someone, it means that I allow this person to view or use assets that I consider to be my own. Whether these things are possessions, emotions or attributes doesn’t matter. On the other hand, assets that I have doubt entrusting to someone are the things I’d like to see secured. In this sense, security is shaping how we deal with trust, as the need for trust will not change in a post quantum world, but security does.
Our current image of security is the same as it has been for as long as civilization has existed; simple passwords and anagrams and more recently, encryption codes. They are all based upon the same simple principle; it is easy to use for the people that have the ‘key’, and as difficult as possible to use for those that don’t. This methodology assumes two things; namely that the attacker will try to find the original key and that there is a reason why this is difficult.
In a post quantum world, it is time to re-evaluate these assumptions. Of course, the goal of an attacker is not to find the key but to get in and compromise the secured assets. This goal will never change, but what if there is no key to find in the first place? What if finding the door is more difficult than finding the key?
Or what if both the gate-keeper and the attacker do not know, or cannot know, which key(s) are the right ones? In this scenario, the only way that the key will ever exist is if all the stakeholders achieve consensus, as if all attributing a minute part to the same key.
Additionally, we can choose to make our lives simpler and take away the reason to call something difficult. Something that is difficult means that at least one solution exists, but what if this wasn’t the case? What if our security is such that no solution exists or at least not one that I can use as a person? If no solution can be imagined usable, then surely it must be impossible and the attacker’s goal will be taken away altogether?
Choosing a password or finding a security solution that meets your requirements is your personal first step, but in a post quantum world, what happens after that step involves finding a strategy that enables your critical data, IP and assets to be secured…
Look out for the second part in this series on securing the post quantum world, in which I explore some of the different principles that can be applied to keep core assets protected.