Quantum Computing and Encryption Security’s Impact on Healthcare Privacy
It sounds like science fiction: quantum computing – immense computing power allowing multiple concurrent computing functions and math computations at speeds previously unimaginable. But it is increasingly becoming a reality. While still in the equivalent of early mainframe computing, more powerful quantum computers are being developed every day, with the promise to disrupt the way we use data and ultimately improve healthcare.
To understand how quantum computing is different from traditional computing, consider this. A traditional computer solves a query or problem by looking at several options at various points and finding the best answer. At the same time, quantum computing allows all the variables at once in a speedy shortcut. A regular computer limits the computer processing to one input (bits) at a time. In a quantum computer, qubits can be on, off, or both simultaneously, essentially doing the work of four regular computers at once. Imagine how this technology can impact healthcare data, such as predictive modeling.
Why is a technology that is still in infancy stages important? You can thank Peter Shor and his quantum computer algorithm. We can use the historical roadmap for conventional computing, starting with mainframes to personal computers to mobile devices, to predict quantum computing’s rise. The roadmap is very important for manipulating data in ways we can only visualize, though terrible for existing encryption methods. Shor’s algorithm can “break” most modern-day encryption methods allowing for decryption of the protected data.
This algorithm is an inconvenience for most industries that rely on encryption to protect their data because the value of that data decreases significantly over time. For example, if a company’s encrypted credit card data is stolen, by the time it can be decrypted, the data is no longer useful. Credit card numbers are short-lived and easily changed. Even some personally identifiable information (PII) is short-lived. People move, change phone numbers, and email addresses, and cancel their accounts altogether.
So, what about your personal health information? That is long-lived. If you have shoulder surgery when you are 18, you will have had that surgery until the day you die. You cannot suddenly erase the fact you had shoulder surgery or say that it expired last year. The encrypted database backup of your medical history stolen by hackers (“bad actors” in cybersecurity lingo) can sit around for years, just waiting for the computing power of quantum computing to reach the point it can be decrypted, and the information exposed.
There is already significant progress in making quantum computing a widely available cloud solution. Microsoft is taking early adopters on its Azure Quantum cloud offering, and even developed Q#; it’s quantum sibling to .NET’s C# and F#. Amazon has Amazon Braket. Many more are sure to come soon, especially with the financial incentives to manipulate your data at unheard of speed.
The good news is there are already companies offering solutions to this dilemma. However, be aware that there are caveats. IBM has a quantum-safe effort called Quantum Safe Crypto Support and Extended IBM Cloud Hyper Protect Crypto (I sure hope they shorten that to an acronym!). NIST has been working on their Post-Quantum Cryptography Standardization project since 2016 and, as of this writing, has announced the round 3 candidate list for public key, key establishment, and digital signature algorithm encryption methods.
The NIST project is of particular importance. Remember the caveats mentioned earlier? A big one is the lack of standardization. There have been plenty of examples in the past of technology that runs ahead of an established standard and becomes unsupported or unusable. You do not want your important data encrypted with an algorithm that ceases to exist!
This problem, and other encryption deficiencies are already being addressed in another way: homomorphic encryption. It is generally believed that homomorphic encryption will be quantum computing safe. In simple terms, homomorphic encryption allows you to interact with encrypted data without decrypting it and has enormous potential solving even modern-day application problems. Many customer support systems perform customer lookups using PII data, like social security numbers. Imagine being able to search for a customer’s social security number without decrypting the data in the database, or even worse, storing it unencrypted. Homomorphic encryption provides a level of confidence when data sharing because it stays encrypted. It is not the end-all-be-all, but for its intended purposes, it significantly decreases the risk of data exposure both before and after the maturity of quantum computing.
Relating to healthcare, imagine being able to easily and safely hand over an EMR database without any modification or sanitization to a research lab that only needs to know how many patients tested positive for COVID-19 and if they had any complications (basic yes or no database fields). This would allow you to safely share important data with other entities without the worry of information leakage.
Using a paraphrased example from this 2010 article, Alice, a jeweler, doesn’t trust that her employees won’t steal raw materials. So, she puts the materials in a clear box with a lock for which only she has the key. Alice gives the box to an employee to assemble the jewelry inside using the gloves integrated into the box. The employee can perform the work but can’t get to the materials themselves to steal, so they return the box to Alice, which she can now unlock.
Once again, Microsoft is leading the charge when they released their new open-source library, Simple Encrypted Arithmetic Library (SEAL). IBM, Intel, start-ups, and universities are also working hard to advance homomorphic encryption.
To make data sharing work, you must establish trust, and encryption plays a role. Being aware now and choosing quantum-safe encryption methods when available will ensure the privacy of your long-lived data.
Content may have been edited for style and clarity.