I first heard the phrase “quantum Y2K moment” in March, at a conference sponsored by the University of Bristol, UK. The idea that a quantum computer could break the cryptographic systems that protect Internet traffic was news to me, and I thought at the time that it would be an interesting thing to write about. But I had other things on my plate, so I noted it down as a possibility for later in the year and turned my attention elsewhere.
Fast-forward a few months, and all of a sudden it seemed like everyone else wanted to write about this problem, too. By chance, my article came out on the same day as a piece in the New York Times, and (somewhat to my chagrin) about six weeks after articles in the Economist and the University of Cambridge’s public-relations newsletter.
So why is this topic — which was until recently the exclusive preserve of quantum physicists and cryptographers — suddenly getting so much attention? “I think it’s partly that people have woken up to cybersecurity and network security in the last year or two,” says Chris Erven, a Bristol physicist who kindly sat down to discuss the quantum Y2K problem with me. Well-publicized data breaches at companies from TalkTalk to Facebook have helped raise awareness, he adds. So have the EU’s General Data Protection Regulations (GDPR), which came into force in May and allow companies to be fined up to 10% of their annual revenue for mishandling data.
Technological advances have played a part, too. Quantum computers are much more of a “thing” now than they were a couple of years ago (though powerful ones are still a long way off), and nothing concentrates minds like a looming threat. But cryptographic systems that rely on quantum physics to keep data secure have also improved. Another person I spoke to for my article, Rob Thew of the University of Geneva, Switzerland, told me that he’s been trying to get companies interested in quantum cryptography for 10 years, but has only recently had much response. “There’s been a real shift in the last few years now that this technology is sufficiently mature,” he told me. “Industry people are realizing that, okay, it’s quantum technology, but I don’t need to care about that. It’s a black box. It functions. It does what I need it to do.”
The next step, he says, will be to get these quantum “black boxes” certified by national standards agencies, so that non-experts know the hardware is doing what it’s supposed to. “For an engineer to come in and plug into the device and be able to put a stamp on it and say, ‘this is certified quantum’ – this is something that I think a lot of industries are still waiting for,” Thew says.
Christopher Chunnilall, a senior research scientist at the UK’s National Physical Laboratory, concurs. “These devices are physical devices and the security very much depends on the hardware implementation,” he says. Before quantum cryptography can enter the wider consumer market, he says, agencies like his will need to develop protocols for testing large volumes of devices.
All in all, it seems like the quantum Y2K story will remain relevant for a good while yet, and I’m sure you’ll see even more articles about it in the future. In the meantime, if you’re intrigued by what you’ve read here, and want to learn more about the problem from the dozen or so scientists I’ve spoken to over the past couple of months, please do have a look at both the article itself and at Physics World’s “Quantum horizons” collection, which delves deeper into quantum technologies and their potential impact on the commercial world.