Quantum computing (QC) represents the biggest threat to data security in the medium term, since it can make attacks against cryptography much more efficient. With quantum computing capabilities having advanced from the realm of academic exploration to tangible commercial opportunities, now is the time to take steps to secure everything from power grids and IoT infrastructures to the burgeoning cloud-based information-sharing platforms that we are all increasingly dependent upon.
Quantum Computing Threatens All Types of Encryption
Despite encrypted data appearing random, encryption algorithms follow logical rules and can be vulnerable to some kinds of attacks. All algorithms are inherently vulnerable to brute-force attacks, in which all possible combinations of the encryption key are tried.
According to Verizon’s 2021 Data Breach report, 85% of breaches caused by hacking involve brute force or the use of credentials that have been lost or stolen. Moreover, cybercrime costs the U.S. economy $100 billion a year and costs the global economy $450 billion annually.
Although traditionally, a 128-bit encryption key establishes a secure theoretical limit against brute-force attacks, this is a bare-minimum requirement for Advanced Encryption Standard symmetric keys, which are currently the default symmetric encryption cipher used for public and commercial purposes.
Businesses can implement quantum-safe cybersecurity solutions that range from developing risk management plans to harnessing quantum mechanics itself to fight the threats QC poses.
These are considered to be computationally infeasible to crack, and most experts consider today’s 128-bit and 256-bit encryption keys to be generally secure. However, within the next 20 years, sufficiently large quantum computers will be able to break essentially all public-key schemes currently in use in a matter of seconds.
How Does Quantum Computing Work?
Quantum computing speeds up prime number factorization, so computers with quantum computation can easily break cryptographic keys via quickly calculating and exhaustively searching secret keys. A task thought to be computationally impossible by conventional computer architectures becomes easy by compromising existing cryptographic algorithms, shortening the span of time needed to break public-key cryptography from years to hours.
Quantum computers outperform conventional computers for specific problems by leveraging complex phenomena such as quantum entanglement and the probabilities associated with superpositions (when quantum bits [qubits] exist in several states at the same time) to perform a series of operations in such a way that favorable probabilities are enhanced. When a quantum algorithm is applied, the probability of measuring the correct answer is maximized.
Algorithms such as RSA, AES, and Blowfish remain worldwide standards in cybersecurity. The cryptographic keys of these algorithms are based mainly on two mathematical procedures — the integer factorization problem and the discrete logarithm problem — that make it difficult to crack the key, preserving the system’s security.
Two algorithms for quantum computers challenge current cryptography systems. Shor’s algorithm greatly speeds up the time required for solving the integer factorization problem. Grover’s quantum search algorithm, while not as fast, still significantly increases the speed of decryption keys that, with traditional computing technologies, would take time on the order of quintillions of years.
All widely used public-key cryptographic algorithms are theoretically vulnerable to attacks based on Shor’s algorithm, but the algorithm depends on operations that can only be achieved by a large-scale quantum computer (>7000 qubits). Quantum computers are thus likely to make encryption systems based on RSA and discrete logarithm assumptions (DSA, ECDSA) obsolete. Companies like D-Wave Systems promise to deliver a 7000+ qubit solution by 2023-2024.
Prepare for Quantum Disruption
Quantum technologies are expected to bring about disruption in multiple sectors. Cybersecurity will be one of the main industries to feel this disruption; and although there are already several players preparing for and developing novel approaches to cybersecurity in a post-quantum world, it is vital for corporations, governments, and cybersecurity supply-chain stakeholders to understand the impact of quantum adoption and learn about some of the key players working on overcoming the challenges that this adoption brings about.
Businesses can implement quantum-safe cybersecurity solutions that range from developing risk management plans to harnessing quantum mechanics itself to fight the threats QC poses.
The replacement of encryption algorithms generally requires steps including replacing cryptographic libraries, implementation of validation tools, deployment of hardware required by the algorithm, updating dependent operating systems and communications devices, and replacing security standards and protocols. Hence, post-quantum cryptography needs to be prepared for eventual threats as many years in advance as is practical, despite quantum algorithms not currently being available to cyberattackers.
Quantum computing has the potential for both disrupting and augmenting cybersecurity. There are techniques that leverage quantum physics to protect from quantum-computing related threats, and industries that adopt these technologies will find themselves significantly ahead of the curve as the gap between quantum-secure and quantum-vulnerable systems grows.