Cybersecurity and quantum computing
The continuous improvement of calculation and communication speed in computers creates new possibilities for cyber criminals. Protecting large amounts of data with encryption based on heavy calculations is becoming harder and harder. In fact, it is a losing game. Data are hacked because they can be sold.
There could be a solution. When what is being stolen is worthless, people will not steal it. So when we do not store it in large amounts but in very small amounts, individually, the cost of hacking is too high.
One has to remember how information technology was developed. Based on the organization of work in corporations, computers were used to replace manual work. Computers and electronic communication replaced data kept on paper and sent by post with data stored in databases and sent by e-mail. To open an account with a bank, one originally had to go to the bank with several physical documents. One had to sign a contract on the spot so the signature could be checked against, for instance, the signature on the identification document. Then copies would be made and stored in files, which would be used every time the individual made a transaction or the bank wanted to contact the client. Computers made it possible to store the information and communicate digitally, but the process stayed the same: the Know Your Customer (KYC) process is still the same and all information about the individual is stored centrally at the bank.
The result is clear: the KYC information is valuable for cyber criminals, and the more individuals have accounts with that bank, the more interesting it will be. More and more measures have to be taken to protect the data, which leads to the rat race with the cyber criminals mentioned above. Quantum computing will allow for an even higher calculation speed. This will require new encryption techniques, such as single-photon transmission for exchanging key information. But this will not end the rat race.
In fact, governments have given a new direction to go: data minimization, electronic identification and two-way authentication. Data minimization means that only those data are used and stored which are necessary for a particular process. So when the onboarding has been finished and the client is accepted, we do not keep all the client data; we just need an electronic authorized signature and an identification when the client wants to make a transaction. The argument is often made that one has to know who made the transaction and whether that person is still allowed to make that transaction. But checking whether someone is on a sanctions list can be done independently of the actual transactions; in fact, most organizations check all their clients regularly to spot changes and act accordingly. The same applies to identification; in Europe, institutes are working together to create a European identity wallet service allowing on- and offline identity. In that case the identity is requested during the process but there is no central storage. When this is combined with two-way authentication, one can create all types of contracts, including smart contracts in blockchains, without showing any personal information.
This idea of an identity wallet could even be extended to a self-sovereign identity (SSI) wallet. In an SSI wallet the identity information is enriched with historical data. The SSI wallet is used not only to identify the user but also to support the user in decisions regarding new contracts. When, for instance, a bank offers a loan, all data in the SSI wallet will be matched with the data of the offer to allow the individual to make a decision.
The client collects the data and stores the data in the SSI wallet. Financial capital information, combined with, for instance, human capital information and social capital information stored in the SSI wallet, creates a rich source of data which can be used in different situations. By storing that information with the user it becomes uninteresting for a cyber criminal; the value of the information of one person is normally not enough to cover the costs of hacking. A necessary condition is of course that the information in the SSI wallet is secured in a way that is different per person, using biometric data.
When we implement an SSI wallet, what do we still need centrally? The answer is the ledger showing the exchange of capital transactions and a signed (smart) contract. There will be no personal data in the ledger system; one could even use a public blockchain for the ledger as long as the data in the ledger do not allow for tracing the identity of the person who signed.
The combination of SSI wallets for the individuals with public ledgers for the smart contracts and transactions is the perfect setup for the use of AI-agents. AI-agents, self-executing AI algorithms, will be executed whenever a new (smart) contract has to be traded. The AI-agent will process the data of the SSI wallet and the ledgers to present the different consequences of the contract to the individual and to the service provider. Alternatively, the AI-agent is triggered by a change in the SSI wallet or the ledger and informs both parties of new possibilities or problems.