Global expert urges Hong Kong companies to adopt quantum cryptography to improve security
Dr Michele Mosca says using the ‘unbreakable keys’ between two parties as well today’s cybersecurity technology is best protection firms can have
One of the world’s foremost cybersecurity experts is warning companies in Hong Kong, particularly financial institutions, to review their methods of detecting online security breaches and should consider implementing so-called “quantum cryptography” to keep critical data and infrastructure safe.
Dr Michele Mosca, a co-founder of the Institute for Quantum Computing at the University of Waterloo in Canada, is warning that emerging technology threatens to undermine even the most sophisticated cybersecurity systems installed by businesses and governments.
Using quantum cryptography is expected to help organisations buttress their cybersecurity systems.
It allows users to generate an unbreakable key between two parties exchanging information via the use of quantum particles.
“Quantum computing will break some of the fundamental tools underpinning cybersecurity,” he said, pointing out that scalable quantum computers are now closer to reality, which makes it imperative for enterprises in Hong Kong to adopt more advanced cryptographic techniques.
“As a data centre hub, Hong Kong needs to convince its customers that the data stored is not going to be read in the next 20 years, that it is safe doing business in Hong Kong now and in future,” said Mosca, who is also a special advisor on cybersecurity to the Global Risk Institute in Toronto.
A quantum computer harnesses the behaviour of particles in the sub-atomic level to perform calculations, as well as store and transmit information, at speeds faster than any previous computer.
While conventional computers process and transmit data via binary 1s and 0s, subatomic particles, quantum computers are able to exist in more than one state at any given time – known as “superpositioning”.
“A quantum computer opens the door to learning the pattern [of a problem] without seeing all the pieces … like learning the forest, without looking at the trees,” said Mosca, adding that a quantum computer’s ability to do this would render much of today’s cryptographic methods in cybersecurity obsolete, leaving data easily accessible to hackers.
“We need new tools that will be resistant in the context of quantum computers, and we want to base these tools on a problem that quantum computing cannot break,” he said.
But to learn anything about the quantum state, Mosca said first you have to “disturb it”,
“This allows us to establish a key – for example, I could prepare and send some quantum particles in a certain state, and [when it reaches the other party] we can analyse it to determine if there has been any disturbance, if someone has been trying to snoop.”
“If there isn’t, then there is no eavesdropper and the [channel] is secret. Quantum cryptography is not like a conventional key which uses a complex mathematical problem that can be secretly recorded and later subjected to cryptanalysis.”
To establish this quantum key distribution, Mosca said that what is required is a quantum channel – access to optical fibre or free space, and a hardware box at each end that would be able to generate and send quantum particles. He estimated that a 20-kilometre channel could cost between US$100,000 and US$200,000.
Mosca assured that the cost of quantum cryptography technology would fall with time, and performance will become more efficient.
Hong Kong, with its relatively small area, will have less of a distance problem when establishing channels for quantum bits as compared to countries like Canada.
The smaller distance also means that it would be cheaper for companies in Hong Kong to install such a set-up, Mosca said.
“Having quantum cryptography on top of today’s state-of-the-art cybersecurity technology is the best protection these companies can have.”
Mosca expects quantum cryptography to become standard offering from cybersecurity vendors within the next five to 10 years.