umma.dev

Quantum Computing Meets English Law

Quantum computing represents one of the most transformative shifts in modern technology. By harnessing superposition, entanglement, and interference, quantum computers can solve problems that classical machines would take millennia to process.

Algorithms like RSA and elliptic curve cryptography (ECC), which underpin secure communication, banking, and national security, could become vulnerable by quantum breakthroughs.

The UK Government recognised this early. Its National Quantum Strategy (2023) outlines a ten-year plan to make the UK a quantum-enabled economy. The strategy emphasises quantum-safe cybersecurity, robust intellectual property frameworks, and public-private collaboration.

The Quantum Threat to Cryptography

Modern encryption relies on mathematical problems that are easy to perform but infeasible to reverse. RSA depends on factoring large numbers; ECC relies on solving discrete logarithms. Quantum computing threatens both through Shor’s Algorithm, which can factor large integers exponentially faster than any classical approach.

Here’s an example of the concept in TypeScript - factoring small numbers is trivial now, but quantum computing will scale this to RSA-level integers:

import { factorint } from "mathjs";

console.log(factorint(15)); // { '3': 1, '5': 1 }
console.log(factorint(10403)); // { '101': 1, '103': 1 }

Today this stops quickly. A quantum computer running Shor’s algorithm wouldn’t. That’s why cryptographic agility (the ability to switch algorithms easily), is vital.

Meanwhile, Grover’s Algorithm halves the effective key strength of symmetric encryption. The practical countermeasure is simple, double the key size. Using AES-256 instead of AES-128 effectively neutralises Grover’s advantage:

const subtle = crypto.subtle;

export async function aesGcmEncrypt(key: CryptoKey, plaintext: Uint8Array) {
  const iv = crypto.getRandomValues(new Uint8Array(12));
  const ciphertext = await subtle.encrypt(
    { name: "AES-GCM", iv },
    key,
    plaintext
  );
  return { iv, ciphertext };
}

The Post-Quantum Response: From Algorithms to Agility

To prepare for this new landscape, cryptographers are developing Post-Quantum Cryptography (PQC), classical algorithms resistant to quantum attacks.

The UK’s National Cyber Security Centre (NCSC) recommends hybrid schemes that combine existing algorithms with post-quantum ones during the transition. For example, X25519 can be paired with Kyber, a NIST-endorsed post-quantum key encapsulation method:

import { x25519 } from "@noble/curves/ed25519";

type Kyber = {
  keypair(): { publicKey: Uint8Array; secretKey: Uint8Array };
  encapsulate(pk: Uint8Array): {
    ciphertext: Uint8Array;
    sharedSecret: Uint8Array;
  };
  decapsulate(ct: Uint8Array, sk: Uint8Array): Uint8Array;
};

async function hybridHandshake(
  peerX25519: Uint8Array,
  peerKyber: Uint8Array,
  kyber: Kyber
) {
  const privX = x25519.utils.randomPrivateKey();
  const pubX = x25519.getPublicKey(privX);
  const ecdh = x25519.getSharedSecret(privX, peerX25519);
  const { ciphertext, sharedSecret } = kyber.encapsulate(peerKyber);
  const combined = new Uint8Array([...ecdh, ...sharedSecret]);
  return { pubX, ciphertext, combined };
}

This “belt and braces” approach ensures that even if one cryptosystem fails, the other maintains confidentiality, a principle echoed in UK public-sector encryption guidance.

Intellectual Property and Patents under English Law

As quantum technologies advance, legal questions arise, what exactly is patentable?

Under Section 1(2) of the Patents Act 1977, mathematical methods and computer programs are excluded from patentability unless they make a technical contribution. Courts have refined this over decades through landmark cases.

• Macrossan’s Application [1979] RPC 69: established that simply computerising a business process doesn’t make it patentable
• British Telecommunications’ Application (Falkirk) [1996] RPC 35: recognised that improvements in computer architecture or performance may constitute a technical contribution
• Aerotel v Telco Holdings & Macrossan [2006]: introduced the four-step test for determining patent eligibility, construe the claim, identify the contribution, determine whether it falls within excluded matter, and ask whether it’s technical
• Symbian Ltd v Comptroller-General of Patents [2009]: clarified that if software improves a computer’s operation itself (for example, by managing memory more efficiently), it can be patentable
• Halliburton Energy Services [2010]: extended this to domain-specific algorithms. In that case, for oil drilling, showing that context matters when determining technical contribution
• Pozzoli SPA v BDMO SA [2007]: refined the problem-solution approach for assessing inventive step, crucial when assessing non-obvious quantum inventions
• Genentech Inc v Wellcome Foundation Ltd [1989] RPC 147: reinforced that patents must claim more than a discovery or abstract principle, they must disclose a real technical advance

Together, these cases create a framework for evaluating quantum IP:

• Pure quantum algorithms like Shor’s or Grover’s are likely unpatentable, being mathematical in nature
• Hardware implementations, control mechanisms, or quantum error correction systems might be eligible
• Hybrid innovations, where quantum algorithms improve hardware performance or cryptographic systems, will hinge on whether they produce a genuine technical effect

The balance between protecting innovation and avoiding monopolisation of fundamental science lies at the heart of English patent jurisprudence.

Data Protection and Quantum Risk

Under UK GDPR and the Data Protection Act 2018, organisations must adopt appropriate technical and organisational measure to safeguard data. As quantum computing matures, regulators may interpret this as requiring quantum-resistant encryption for long-term data protection, especially for sensitive data such as medical or financial records.

A hybrid re-encryption approach can demonstrate compliance and future-proof systems:

// Re-wrapping a stored AES key under a hybrid post-quantum key
async function rewrapDek(
  rsaWrappedDek: Uint8Array,
  rsaPrivateKey: CryptoKey,
  peerPubX25519: Uint8Array,
  peerPubKyber: Uint8Array,
  kyber: Kyber
) {
  const dekRaw = new Uint8Array(
    await crypto.subtle.decrypt(
      { name: "RSA-OAEP" },
      rsaPrivateKey,
      rsaWrappedDek
    )
  );
  const ephPriv = x25519.utils.randomPrivateKey();
  const ephPub = x25519.getPublicKey(ephPriv);
  const ecdh = x25519.getSharedSecret(ephPriv, peerPubX25519);
  const { ciphertext, sharedSecret } = kyber.encapsulate(peerPubKyber);
  const wrapKey = new Uint8Array([...ecdh, ...sharedSecret]);
  return { ephPub, ciphertext, wrappedDek: wrapKey };
}

This mirrors the legal principle of anticipatory compliance: foreseeing emerging risks, a concept already implicit in ICO guidance.

Legal and Policy Frameworks in the UK

The UK’s policy approach to quantum computing combines innovation with legal prudence:

• The National Quantum Strategy (2023) focuses on fostering growth and securing IP rights
• The National Cyber Strategy (2022) emphasises transitioning public-sector systems to quantum-safe encryption
• IPO guidance (anticipated) is expected to clarify quantum-related IP issues, from algorithmic ownership to cross-border data use

English common law’s flexibility is an asset here. Through evolving case law, the courts can adapt the meaning of technical contribution, just as they did in Aerotel and Symbian, to meet new quantum contexts.

The Future of Quantum and Common Law

English law has always evolved through precedent. Quantum computing will test those precedents again, from IP ownership to data protection duties.

Expect courts to:

• Clarify patent standards for hybrid and hardware-bound quantum innovations
• Develop data protection precedents around encryption adequacy
• Adapt technical contribution tests for AI-quantum convergence

For developers, that means thinking like both engineers and legal architects. Systems should be crypto-agile, allowing for seamless algorithmic upgrades:

export interface Kem {
  name: string;
  keypair(): Promise<{ publicKey: Uint8Array; secretKey: Uint8Array }>;
  encapsulate(
    pk: Uint8Array
  ): Promise<{ ciphertext: Uint8Array; sharedSecret: Uint8Array }>;
  decapsulate(ct: Uint8Array, sk: Uint8Array): Promise<Uint8Array>;
}

export class KyberKem implements Kem {
  constructor(private mod: any) {}
  name = "Kyber-1024";
  async keypair() {
    return this.mod.keypair();
  }
  async encapsulate(pk: Uint8Array) {
    return this.mod.encapsulate(pk);
  }
  async decapsulate(ct: Uint8Array, sk: Uint8Array) {
    return this.mod.decapsulate(ct, sk);
  }
}

Crypto agility is the engineering equivalent of common law’s adaptability - both evolve without needing to be rewritten from scratch.

Finally…

Under English common law, the challenge is to foster innovation while preserving fairness, open science and data integrity.