Security Company Sandbox AQ Seeks to Protect Data from Future Quantum Threats
A lot of people are hired at various digital and non-digital companies with the job of preventing or intercepting problems that are associated with that company’s computer systems. But how does one go about planning for problems and technology that have not been invented yet? Yes, you read that right. There are future problems that current computer systems have to deal with now. And some of these problems will come from technology that has not yet been invented.
In what sounds like a great storyline for a movie, a company called Sandbox AQ ( which stands for AI and Quantum) has been signing clients to fix problems that are expected in the future. And from systems that have not even been invented yet. Of course, we are talking about today’s computers being compromised by quantum computers.
Charles Q. Choi has written an article for spectrum.ieee.org that is a wake-up call for AI tech-reliant companies. Choi writes that SandBox AQ which is a new spin-off from Google’s parent company Alphabet, is warning that sensitive data is already vulnerable to quantum computers.
Even though quantum computers aren’t really in operation just yet, hackers are stealing programs and codes and saving that data to decrypt later when they have quantum computers ready to break into that protected information.
“We know for a fact that store-now-decrypt-later attacks are happening right now, and their frequency will only increase the closer we get to delivering a fault-tolerant quantum computer,” says David Joseph, a research scientist at Sandbox AQ in Palo Alto, Calif.. “Once encrypted data has been exfiltrated, there is no way to protect it from future decryption and exploitation.”
Future Depends on PQC Algorithms
To stay ahead of quantum computers, scientists around the world have spent the past two decades designing post-quantum cryptography (PQC) algorithms. These are based on new mathematical problems that both quantum and classical computers find difficult to solve. In January, the White House issued a memorandum on transitioning to quantum-resistant cryptography, emphasizing that preparations should begin as soon as possible
So yes, most major technologies and manufacturers will be forward-thinking with their security. But to defend against cutting-edge weapons or quantum cyber attacks is a tall order. Some of SandboxAQ’s clients are definitely major players, including Mount Sinai Health System, telecommunications firm Softbank Mobile, communications technology company Vodafone Business, and Web developer Wix.
It has also reeled in investors, including the CIA’s venture capital arm In-Q-Tel and cybersecurity-focused investment firm Paladin Capital Group. Former Google CEO Eric Schmidt is serving as the chairman of its board of directors.
The main difficulty in executing store-now-decrypt-later attacks is figuring out which data to target, “as there will be an enormous volume of encrypted data and only a finite amount of quantum computing resources,” Joseph says. “We expect the first quantum-enabled adversaries will be nation-states, and it may not be public knowledge exactly when one of them gains access to a large, fault-tolerant device capable of breaking RSA-2048.”
RSA-2048 is considered the gold standard of data encryption.
It’s easy to see that with an enormous volume of data that needs to be protected, comes the enormous costs of developing in-house security or hiring companies that can operate in a quantum world. Quantum technology is in its infancy but it won’t be for long.
Sandbox AQ argues that governments, businesses, and other major organizations must begin the shift toward PQC now.
read more at spectrum.ieee.org