Security CEO and founder of Safe Quantum Inc. , working with data-driven companies to define, develop and deploy quantum-safe technologies.


When it comes to computer security, these are no doubt perilous times—from state-sponsored cyberterrorism to corporate espionage to ransomware attacks on data held within e-commerce or healthcare systems.

Yet did you know that the computer security that most of us rely on was invented more than 46 years ago in 1976? Stanford’s Whitfield Diffie and Martin Hellman published the seminal "New Directions in Cryptography" research paper and introduced the concept of public-key encryption with one security-altering sentence: “We stand today on the brink of a revolution in cryptography.”

With the advent of quantum computing, I would argue that we are not only at the brink of a new world in data security but we are at a daunting precipice.

It took decades for public-key encryption and its commercial Advanced Encryption Standard (AES) to become the de facto standard for data and communications protection. And this expansion and adoption happened at a time when data was, well, infinitesimal.

The data generated today is quite nearly unfathomable. Just one person on the Internet produces 1.7 megabytes of data per second—that’s 146,880 megabytes per day for a single user of the Internet. Another estimate puts the total estimate of “new” at 2.5 quintillion bytes of data per day.

One of the reasons public-key encryption and its direct derivatives have been successful is because traditional computers are slow. They’re not fast enough to compute in a reasonable amount of time massive amounts of data and break the keys that secure data transmissions from sender to receiver.

In “harvest now, de-crypt later” cyberattacks today, bad actors steal encrypted data and then hold onto it until a computer or new technology will enable them to break the security and access the data.

That day is near. Once quantum computers achieve some degree of commercial viability, that encrypted data will no longer be safe. The speeds of quantum computers will open locked doors, allowing criminals—including enemy governments—to harvest and access key information.

To give just one threat scenario, consider something as “brick and mortar” as undersea telecommunications cables.

As incredible as it sounds, 426 submarine communication cables that are similar in size to a household garden hose transmit 97% of Internet traffic. That’s roughly all Internet traffic—meaning state secrets, healthcare data, personal data and trillions of dollars in daily financial transactions.

While intentional sabotage is rare, there is evidence to support the theory that if tapped, these cables could give adversaries critical data to be held until it can be decrypted.

There is one way to protect data from a quantum computer, and it uses quantum technology to do it.

Quantum key distribution, or QKD, creates secure nodes at each end of a transmission that encrypt the data using randomly generated encryption keys. These keys are not hackable, thanks to physics. The key protecting the photon carrying the qubit of quantum-encrypted data will be damaged if it’s interfered with in any way. It will still be accessible to the permitted recipient but not to anyone else.

The U.S. government is about two years away from finalizing a new post-quantum cryptography (PQC) algorithm as part of a strategy to protect against quantum attacks. But the question is whether your organization can afford to lose two years’ worth of data to potential harvest attacks.

Using QKD as the first line of a comprehensive security strategy, companies and governments can protect themselves against harvesting attacks now. QKD security is based upon the immutable laws of quantum mechanics and provides forward secrecy that is immune from mathematical approaches used to subvert algorithm-based security.

Deploying QKD and PQC in tandem will provide defense in depth. This strategy relies on multiple approaches to protect sensitive data and must be as different as possible so that there is no commonality of failure mechanism. QKD and PQC together meet this condition.

With the knowledge that it took more than 40 years for companies, governments and emerging technologies like e-commerce to standardize public-key encryption solutions, we must understand the gravity of what we’re now facing as quantum computers become a reality.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?