You may not have had cause to ponder it, but the everyday computers we take for granted operate by performing logical operations on ‘bits’ of information. Each bit is a binary unit of information, and can have only a value of either 0 or 1. In the simplest sense, today’s computers perform their many useful tasks by passing these bits, one at a time, through a series of electronic logic gates. The more logic gates a computer has, the faster it functions.
And while the drive for ever more computing power has led to ever greater miniaturisation of logic gates and ever faster operating speeds, one thing has ring-fenced this progress. There is a physical limit to how small the logic gates can be: no smaller than an atom.
Breaking the rules
But what if your computer didn’t follow those rules, but instead the rules of quantum physics? The detail reads a bit like science fiction (for example, positing multiple parallel universes), but a consensus is forming that a small ‘quantum computer’ could be operational within 10 to 20 years. Such computers would operate using units of quantum information known as qubits, which can be a mixture of both 0 and 1. And when multiple qubits are combined they can store vastly complex data. For certain types of calculation, a quantum computer might perform exponentially faster than any current computer can and efficiently factorise very large numbers. This would have huge consequences.
That’s because modern cryptography is based on the assumption that certain mathematical problems are infeasibly difficult to solve unless you have a cryptographic (public) key. The predicted ease with which a quantum computer could solve these problems could render current public key cryptosystems impotent. Some experts predict that within the next 20 years, sufficiently large quantum computers could be able to break all public key schemes currently in use.
Whether we can estimate exactly when quantum computing will arrive, leading organisations and governments are already taking action to upgrade information security systems to resist it. The National Institute of Standards and Technology (NIST) in the USA and the European Telecommunications Standards Institute (ETSI) are just two such organisations. Efforts to develop quantum-resistant encryption technologies are intensifying, as is the standardisation of post-quantum public key cryptography.
NIST has already accepted scores of proposals for quantum-resistant public key encryption, digital signature and key exchange algorithms. It intends to announce selected algorithms for standardisation within the next three to five years.
Safe to wait?
For the majority of users, waiting for the emergence of such standards and protocols is the recommended approach. For those protecting long-lived or highly classified information (such as the military, banks and telecoms companies), however, the risks are more complicated. Some suggest that the illicit harvesting and storing of encrypted data may be taking place today, with the intention of decrypting it in future with a quantum computer.
Indeed, the UK Government has already invested heavily in a National Quantum Technologies Programme and amended the UK Enterprise Act 2002 to give it greater powers to intervene in mergers and acquisitions of UK companies involved. In June this year, it took steps to extend those powers to include cryptographic authentication technology.
As a result, transactions involving a UK target company active in these technology areas in the UK will fall within the scope of the Act if the target company either has a turnover in the UK of at least £1 million (down from £70 million for non-sensitive sectors) or at least a 25% share of the UK’s market for the particular goods. Meeting either test may bring government intervention, and this could result in a merger or acquisition being unwound, frozen or subject to other conditions.
The new UK rules on M&A apply to businesses that research, develop, design or manufacture goods for use in these technologies or supply services based on them. This includes the creation of relevant intellectual property (IP), whether in the UK or elsewhere, even if it has not yet been put to commercial use. Here, even ‘intellectual property’ is defined very broadly to include ‘…any information or technique…’ that is not protected by a patent, trade mark, registered design, copyright or design right, but has: ‘…industrial, commercial or other economic value’.
This clearly relates to confidential know-how and technology trade secrets. And the intrinsic value of many new high-tech start-ups rests in the talent of their people and just such know-how, as well as the registered IP owned by the business. From an investor’s perspective, these assets will often determine a major part of the value of the company.
Clearly, the UK Government’s action could therefore have a cooling effect on potential investment in the quantum technology and post-quantum cryptography sectors. Potential purchasers or partners are likely to take the new rules into account during the due diligence phase of deals and may take a more cautious approach when assessing the attractiveness of the target business. An awareness of these factors, and an early assessment of the potential risk of Government intervention, could help in managing the process of negotiating such deals.
On the other hand, cryptography technology businesses could view this as a valuable opportunity to develop new cryptographic products compliant with the new post-quantum standards. In this respect, businesses wishing to benefit from this opportunity should keep a close watch on developments from standards-setting authorities, such as NIST and ETSI.
Meanwhile, quantum and cryptography technology businesses whose core assets include their confidential know-how and trade secrets should be aware of the risks that future quantum computing presents to those assets today.
Research and post-quantum cryptographic standards activity are underway and many expect that consensus on these will emerge soon. That said, the prevailing view already is that those wishing to protect confidential information for at least the next decade must take action now.
Written by Andrew Fearnside