In October 2019, Google announced that it had reached quantum supremacy — the company’s quantum processor was able to perform a calculation in minutes that would take today’s classical computers 10,000 years to complete.
With Amazon recently announcing that it will launch its own version of quantum computing-as-a-service, it joins Google, IBM, and Microsoft in the race to develop the first fully functioning and commercially viable quantum computer. These tech giants are competing against nation states, with the U.S. and China each dedicating significant federal funding toward this goal.
In theory, quantum computing would help solve equations and create simulations that are beyond the reach of even the most powerful supercomputer. This would allow for far more accurate real-world modeling, generating significant advances in medical research, weather forecasting, particle physics, and AI, among others. The transformative potential exists for many fields, but, without question, quantum computing’s most destabilizing potential is in the field of cybersecurity.
Potential Threat to Encryption
To safeguard data, devices, and systems, security professionals rely on encryption. Encryption algorithms use mathematics, particularly prime factorization — breaking down a large number into the product of smaller prime numbers — to create public-private key pairs. These encryption algorithms are designed to have solutions that are so computationally expensive they are practically impossible. As an example, a group announced it had uncovered the key to a symmetric 64-bit encryption in 2002, but it took 300,000 people 4.5 years of work. The world’s fastest supercomputers would need trillions of years to find a solution for longer, 128-bit keys.
What makes quantum computing so disruptive is its ability to quickly solve seemingly impossible prime number factorization problems. This would make the foundational encryption fo modern internet communications vulnerable. Some of today’s most robust cryptographic algorithms, AES-256 and SHA-256, will be substantially weakened by quantum computing, while RSA, ECDSA, and DSA will no longer be secure at all.
Fortunately, the threat is still hypothetical. Today’s quantum computers still have too little processing power and are too error-prone to solve for any commonly used encryption methods. It’s predicted that quantum computers would need 100,000 times more processing power and an exponentially better error rate than what’s currently available.
Because of size and expense, quantum computers must be isolated in supercooled rooms to function. It’s also unlikely that cybercriminals will have the resources to build quantum processors, so it’s safe to say the codes that in widespread use are secure from quantum computing in the short term.
Prevention Starts Now
Even though quantum computers don’t have the ability to solve current forms of encryption yet, it’s critical for the cybersecurity industry to stay ahead of the threat and come up with quantum-proof solutions now. Recent research from the Neustar International Security Council (NISC) found the vast majority (73%) of cybersecurity professionals expect advances in quantum technology to overcome legacy technologies, such as encryption, within the next five years.
Thankfully, many in the industry recognize that responding to quantum computing immediately is a key priority for the cyber industry. This requires laying the foundations for rebuilding the algorithms, strategies and systems that form our current cybersecurity approach. For both today’s major attacks, and also the small-scale, targeted threats, every organisation should have quantum on their radar. Security teams and the wider business need to be aware of all encrypted data and ensure it is surrounded by 24/7 monitoring and threat intelligence tools, alongside robust processes. It’s also important to be aware that even though this data cannot be decrypted now, there are risks to having the data “scraped” and saved for when there are significant advances in quantum technology. The time to protect information from quantum methods is now.
Cybersecurity Professionals Taking Action
Fortunately, 74% of cybersecurity professionals have admitted to paying close attention to the technology’s evolution, and almost a quarter of security professionals are experimenting with quantum computing strategies in response to concerns that quantum computing will outpace the development of other security technologies. The security community is hard at work developing new post-quantum cryptography that cannot be broken by quantum technology. The U.S. National Institute of Standards and Technology is already evaluating 69 potential post-quantum encryption methods. Among the most promising are lattice-based algorithms, which involve hiding an encryption key at the intersection point of a multidimensional lattice. The only way to reach the key is to know the way through the lattice, and even quantum methods are unable to compute the path.
It’s important to note that 87% of CISOs, CSOs, CTOs, and security directors are excited about the potential positive impact of quantum computing. Its power should not be viewed as negative, but instead something that we need to understand and carefully prepare for. With the promise to one day solve complex world problems, quantum computing holds endless possibilities for many of the world’s most important industries, including health care, science, and finance. If cybersecurity professionals continue to take action, they’ll ensure that that this level of computing power won’t upend the secure framework of digital communication at the same time.