This article was originally published on the BTQ Blog on October 25, 2023.

If quantum computers large enough to break modern encryption aren’t here yet, why does quantum security matter?

As of July 2023, 5.2 billion people, almost two-thirds of the world’s population, are internet users. By 2025, we expect to see around 38.6 billion devices connected to the internet, and by 2030, this number is projected to reach 50 billion. With the rise of quantum computing, new vulnerabilities and weaknesses in current encryption methods have been revealed, raising serious concerns about potential quantum attacks.

The quantum security market, because of the requirements to upgrade to quantum-safe encryption and the huge potential costs of not following through on innovating, is one of the earliest opportunities in the rapidly expanding field of quantum technologies.  And waiting until a large-scale quantum computer that can use Shor’s algorithm to break two forms of modern cryptography, RSA and Elliptic Curve Cryptography (ECC), is not an option.

Quantum Security Market Growth

The base of our digital infrastructure needs to be replaced. RSA and ECC cryptography algorithms are used across every aspect of our communications online, and new solutions are needed to guard against quantum attacks. Solutions in post-quantum cryptography, meaning cryptography that uses mathematical problems to stand up against quantum attacks, means the technology can be delivered before quantum computers expand to larger-scale systems.

The amount spent on quantum security is projected to increase quickly due to the need for quantum-safe security solutions, especially in financial services, healthcare, critical infrastructure, and government sectors. In BCG’s report “What Happens When ‘If’ Turns to ‘When’ in Quantum Computing?”, cryptography’s value creation potential ranged from $40-$80 billion for corporate and government applications. These sectors deal with large amounts of sensitive and confidential data, which if compromised, could lead to catastrophic consequences for national security. This opens doors for new market leaders and early adopters of post-quantum cryptography solutions.

This value creation potential is not just theoretical. Corporations are not spending money because it’s fun or because they believe that quantum computing is becoming a threat. It’s required. Governments and international bodies are setting regulations and timelines for vendors to move to post-quantum encryption schemes. Many of these entities even funded the creation of quantum computing technologies through academic grants and industry funding, so they keep track of the success of the quantum computing field while balancing interests in security.

Regulatory Landscape & Policy Development:

The international regulatory landscape has to evolve to accommodate the advancements in quantum computing. Governments and international bodies are actively working on establishing regulations to ensure the secure development and deployment of quantum security.

In the USA in 2022, President Biden announced two directives to advance quantum technologies. The directives lay the groundwork for continuing funding quantum computing and related technologies, while also drawing awareness and creating funding for mitigating the risks that quantum computers pose to national and economic security.

These directives require federal agencies to update their cryptographic systems and start planning their transition timelines. The National Security Memorandum provides a roadmap for agencies to audit their systems. They are required to set and meet specific milestones. Doing so will help federal agencies get the support they need to fully and effectively protect their networks from future exploitation by quantum computers. Upgrading security is not easy, so starting early is key for data that can be exploited for use years or decades in the future.

To continue supporting the industry in moving towards a post-quantum future, the  Cybersecurity and Infrastructure Security Agency (CISA), the National Security Agency (NSA), and the National Institute of Standards and Technology (NIST) have created a factsheet to help organizations with a transition plan and steps to create a quantum-reading roadmap before the post-quantum cryptographic standards release in 2024.

Even if it seems early in quantum computing’s history, with the quantum security standards not yet released, they are designed to mitigate risks and create a secure foundation for advancing quantum computing and quantum security.

Opportunities

According to McKinsey’s Quantum Technology Monitor released in April 2023, $2.35B was invested in quantum technologies companies in 2022. Additionally, China invested $15.4B in public funding for quantum technologies, the European Union invested $8.4B, and the US invested $3.4B, with additional commitments coming in 2023.

These investments can help propel the development of secure, innovative solutions and drive the growth of the quantum security sector. Venture capitalists and private equity investors are increasingly looking at opportunities in this space, recognizing the potential for substantial returns because of the requirements of highly regulated industries, like defense, aerospace, infrastructure, and finance. The landscape is open for companies and startups developing quantum-resistant technologies.

Development of Quantum-Resistant Algorithms:

With the impending threat of quantum attacks, there is a need for new cryptographic algorithms resistant to quantum computational capabilities. Current encryption methods, based on mathematical problems like factoring large numbers, would be easily broken by a sufficiently advanced quantum computer, leading to serious security implications.

Several quantum-resistant algorithms are in development, with some already standardized. These new algorithms aim to secure data against the unprecedented computational capabilities of quantum computers. While these algorithms will need to be open-source for trust, companies building software technologies that can easily upgrade and integrate post-quantum cryptography into their offering suite will be at an advantage.

Replacing Incumbents with First-Mover Advantage

Quantum-first startups and companies, that focus on developing quantum-resistant algorithms and quantum encryption technologies, can capture a significant market share before the sector becomes saturated. By being pioneers, these companies can establish themselves as go-to solutions for quantum security needs and gain customer trust. Many incumbent companies have slow development processes, and may not have the quantum expertise to create robust products. This opens opportunities for collaboration and licensing for companies in the quantum security space.

Differentiating with Crypto-Agility

Crypto-agility is a newer industry term that refers to the ability of systems to adapt to using new cryptographic algorithms and methods efficiently, without requiring large manual overhauls.

The slow pace of companies in adopting newer cryptographic standards, as observed in the transition to ECC and the multiple candidates being recommended by NIST for digital signatures, shows the importance of crypto-agility.  Quantum-first startups and companies emphasizing crypto-agility can help with smoother and quicker transitions for organizations and provide peace of mind with fallback plans, enabling them to stay ahead of the curve in terms of security. This capability can be a key differentiator, especially with slower incumbents that can’t ship new technology quickly, positioning quantum-first entities as leaders in the market.

Blockchain: Is Immutability the End of Cryptocurrencies?

Immuntability in Blockchain means that once data is recorded, it cannot be altered without altering all subsequent blocks, requiring the network's consensus. This characteristic makes blockchains secure against attacks and fraud with classical computers. However, many blockchains use ECC for transaction security and by having this ledger public and open, the vulnerable cryptography could be exposed and used for fraudulent transactions.

Despite these challenges, blockchains will not be “dead” in the face of quantum advances. Several strategies are being explored to secure transactions, add additional ownership signatures, and support the development of quantum-proof blockchains.

This transitional phase can be seen as an opportunity for innovation in blockchain technology.  With the development and implementation of quantum-resistant blockchains, as well as innovations in crypto-agility, blockchain projects that proactively address quantum vulnerabilities can gain a competitive edge, attracting users and investors concerned about long-term security.

Great Opportunities in Quantum Security

There is huge market value and impact potential and opportunities in quantum security before the first quantum attack. However, knowledge of both classical and quantum technologies, modern product development, and the best talent in both classical and quantum R&D is required to take advantage of these opportunities. The accelerated progress of quantum computers in the last several years shows the need to develop secure, quantum-resistant solutions, and the market is responding with promising innovations and developments. If human ingenuity has proven anything, quantum computing will likely reach the point where Shor’s algorithm can break encryption. The question is “when”, not “if”.

Standardizing and implementing new security protocols are complex processes, requiring rigorous testing and validation. A quantum-first approach offers lucrative opportunities for startups and companies to not only contribute to advancing the field of quantum technologies but also to capitalize on the need for security. By thinking “quantum-first,” companies have an advantage in a new field with few players, addressing the demand for innovative solutions and setting new standards in cybersecurity.