Click the screen below to access the recording of our 4 September webinar:

See webinar Here

Quantum computing, a technology that may soon outperform even the fastest supercomputers, is poised to have a profound impact on society, from financial modelling and fraud detection to cryptography, cybersecurity, drug discovery, quantum epidemiology, biomarker analysis, quantum chemistry, AI, and much more. Venture capitalists and big corporations have invested heavily in the technology, and the investments announced by national governments to date are in the order of $42 billion, with China leading the way with $15 billion alone. But the excitement around quantum computing is as great as the trepidation that comes with it.

Much of this excitement and trepidation is related to the current encryption methods in finance, defence and other high-risk areas. These encryption methods are safe against attacks by traditional, microprocessor based computers – but they may not be safe against attacks by the calculation power of quantum computers. Blockchain technology, for instance, relies on this very principle to ensure the security of on-chain transactions. These are signed on the blockchain with a private key that cannot be reverse-calculated from the public key, and then validated with a hash value that is too hard to crack. SHA-256 is a cryptographic hash algorithm jointly introduced by the NSA and NIST in 2001 and has been widely used in digital signatures, blockchain technology, password hashing, digital certificates, and even bitcoin encryption.

The threat of quantum computing lies in its speed and processing power. While classical computers would take many years to factorise, say, a 600-digit number, a quantum computer equipped with an advanced algorithm such as Shor’s would take no more than a few hours to do the job, an astonishing capacity that undermines the irreversibility – or “one-way-function” in technical jargon – that underpins the security of our most advanced encryption systems. Contrary to classical computers, which think in “bits”, a stream of electrical or optical pulses representing 1 or 0, quantum computers think in “qubits”, which are typically subatomic particles, such as electrons or photons, that can represent numerous possible combinations of 1 and 0 at the same time, a quantum property called “superposition”. In addition, qubits can also connect to each other and share a single quantum state, a phenomenon called “entanglement”. Combined, these two properties exponentially increase the computational power and number-crunching ability of quantum computers, to the point where they may eventually be able to decrypt any data.

This foreboding feeling hovering over quantum computing was recently borne out by the US Department of Homeland Security, which predicted that the decryption of all encrypted data could be feasible as early as 2030, the so-called Q-Day. This looming prospect has sent the US government in a race to move to quantum-resistant cryptographic methods. Current estimates suggest that around 20 billion devices around the world will need software upgrades, including mobile phones, laptops, servers, websites, mobile apps, and additional systems built into cars, ships, and planes.

Cybersecurity & Data Privacy

‘If this black swan event happens, then we’re really screwed’, said Gilbert Herrera, the NSA’s Director of Research, in May this year. And he has plenty of reasons to fret. Quantum computers hold the key to breaking asymmetric cryptography used in digital signatures, digital currencies, and everyday internet communications based on HTTPs. A quantum computer with 20 million qubits would need as little as 8 hours to break a 1048-bit public-key cryptosystem such as RSA. Malicious hackers and adversaries are betting on Q-Day and have already begun ‘harvest now, decrypt later’ (HNDL) attacks, storing data for future decryption with quantum computers. The European Data Protection Board (EDPB) and the European Data Protection Supervisor (EDPS) have already shown awareness of the risks associated with quantum technology, and Joe Biden's National Security Memorandum of May 2022 urged US government agencies to migrate systems to quantum-resistant cryptography. Similar recommendations were made by ENISA in a report published in October 2022, which looked at the integration of post-quantum systems into existing protocols and urged ‘hybrid implementations that use a combination of pre-quantum and post-quantum schemes, and the mixing of pre-shared keys into all keys established via public-key cryptography.’

As quantum technology inches its way towards Q-Day, some solutions are already in the works. Last month, NIST released a final set of encryption tools designed to withstand a cyberattack from a quantum computer as part of its post-quantum cryptography (PQC) strategy: FIPS 203, which specifies a cryptographic scheme for establishing a shared secret key between two parties communicating over a public channel, and FIPS 204 & 205, which specify digital signature schemes. These post-quantum encryption standards were designed to secure a wide range of electronic information, from confidential email messages to e-commerce transactions that propel the modern economy. Computer system administrators have already been encouraged to begin transitioning to the new standards as soon as possible. Alternatives to PQC include “quick fixes” that use longer encryption keys (e.g. AES 256 instead of AES 128), and quantum cryptography, which builds on the laws of quantum mechanics – rather than mathematics, as in traditional cryptography – to devise “theoretically unhackable” cybersecurity methods.

As far as European policies are concerned, quantum computing features among the general objectives and digital targets of the Digital Decade Policy Programme 2030. The list of possible areas of activity in which multi-country projects addressing those objectives could be carried out includes: (1) ‘acquiring supercomputers and quantum computers, connected with the European high performance computing (EuroHPC)’; and (2) ‘developing and deploying ultra-secure quantum and space-based communication infrastructures’. The goal is to be at the forefront of quantum technology by 2030 with a public investment of €7 billion, second only to China. Some initiatives are well underway. A good example is the Quantum Flagship, a large-scale, long-term initiative with an EU-funded budget of €1 billion that brings together research institutions, industry and public funding bodies. Also worth mentioning is the European Commission’s joint work with all 27 Member States and the European Space Agency (ESA) to design, develop, and deploy the EuroQCI, which will be a secure quantum communication infrastructure consisting of a terrestrial fibre network spanning the entire EU.

With regard to the legal landscape for quantum computing, some existing regulations come into view:

• Art. 25 GDPR, which provides for data protection by design and by default requirements;
• Art. 32 GDPR, which addresses the security of data processing, including the pseudonymisation and encryption of personal data;
• the European Chips Act, which facilitates low-cost and high-volume manufacturing of quantum chips in the EU;
• the Cyber Resilience Act (CRA), which includes product-specific cybersecurity requirements, including encryption;
• NIS 2 Directive, DORA, and RED, which contain sector-specific cybersecurity requirements;
• the AI Act, in particular the sections related to the regulation of high-risk AI systems;
• and the US Quantum Computing Cybersecurity Preparedness Act 2022.

Technology Protection: Patents

In terms of patentability, many elements of quantum computing are eligible for patent protection: (i) hardware components such as qubits, quantum gates and multipliers, quantum integrated circuit chips, compiler engines, decoders, the simulator and the emulator, the circuit drawer, the microarchitecture (QEX block and QEC block), the dilution refrigerator; (ii) quantum computing processes as methods; and (iii) quantum computing algorithms and software, provided they satisfy the relevant national patentability requirements for a software invention.

In January 2023, the European Patent Office (EPO) published a comprehensive report providing an insightful analysis of patent developments & trends in the field of quantum computing. The report shows that the number of patent applications related to quantum computing has skyrocketed in recent years all around the world. The graph below shows the rising number of patent families in the field of quantum computing over the last two decades with an an above-average share of international patent applications, suggesting high economic expectations in the technology and a multinational commercialisation strategy by the applicants.

The race to achieve leading patent portfolio positions in quantum computing technology has been raging for a good while now. Next to the big usual names also new ventures and start-ups can attract significant investments to develop new technology. Not only companies want to play a future role in this area, also universities and public entities show particular interest in research and development projects.

The challenges ahead

As quantum computing looms large on the horizon, it is clear that the development of the technology has raised many challenges that warrant immediate attention and appropriate responses. These include proposing appropriate ethical frameworks for the responsible use of quantum computing to address existential threats to human rights and democracies; proposing technology-neutral, future-proof, and dynamic regulations that keep pace with the development of quantum computing in key sectors; finding solutions to the problem of transparency deficits in the decision-making process of a quantum artificial intelligence; implementing necessary updates to current cybersecurity standards; and ensuring appropriate intellectual property protection against quantum computing, especially in the field of copyright.