Quantum Computing and the Rise of Post-Quantum Security


Quantum Computers Have Arrived!

Quantum computing is no longer just a concept. Over the last few years it has evolved into one of the most revolutionary new technologies, with the potential to transform industries such as medicine and finance; however, it also presents a large challenge to the security of modern digital systems. As quantum computers become more powerful, they will be able to break many of the methods we currently use to protect communications, financial transactions and other sensitive personal information. This coming disruption has given rise to an entirely new field of study known as “post-quantum security”, a branch of cryptography designed specifically to address how we secure our data against quantum computers.

What is Quantum Computing?

Simply put, quantum computers work in a very different way from traditional computers. Traditional computers process information using binary digits (0 or 1), while quantum computers use quantum bits, or qubits, which exploit the quantum-mechanical concepts of superposition and entanglement. As a result, quantum computers can perform some calculations much faster than traditional computers: some problems that would take a traditional computer thousands of years to solve may be completed by a quantum computer in hours, if not minutes.

Why Current Security Will Be Threatened by Quantum Computers

Cryptography stands at the heart of modern digital security and is based on algorithms such as RSA and elliptic curve cryptography. These methods depend on mathematical problems that are quick to compute in one direction but extremely slow to reverse unless you possess the necessary key. Multiplying two large primes together is easy, yet factoring the resulting number back into its prime constituents is practically impossible for classical computers.

Quantum computing disrupts this foundation completely. Using Shor’s algorithm, a sufficiently large quantum computer can perform prime factorization and compute discrete logarithms efficiently, thus breaking many commonly used forms of encryption. Once quantum technology becomes robust enough to be deployed, encrypted data that users store or exchange today, protected by security measures that are ill-equipped for this threat, will be at risk of quantum attacks.
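As an added illustration (not from the original article) of why factoring breaks RSA: a textbook-sized key built from the primes 61 and 53, with classical trial division standing in for the factoring step that Shor’s algorithm performs efficiently at real key sizes. Once the factors are known, the private exponent follows immediately.

```python
import math


def make_toy_rsa_key(p, q, e=17):
    """Textbook RSA: n = p*q is public; d requires phi(n), which requires p and q."""
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # modular inverse (Python 3.8+)
    return (n, e), d


def factor_by_trial_division(n):
    """Classical factoring: work grows with sqrt(n), hopeless at 2048-bit sizes.
    Shor's algorithm performs this step in polynomial time on a quantum computer."""
    for cand in range(2, math.isqrt(n) + 1):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("no non-trivial factor found")


def private_key_from_factors(e, p, q):
    """With p and q in hand, the private exponent is a one-line computation."""
    return pow(e, -1, (p - 1) * (q - 1))


def rsa_encrypt(public_key, m):
    n, e = public_key
    return pow(m, e, n)


def rsa_decrypt(n, d, c):
    return pow(c, d, n)


def demo():
    # Toy parameters (constructed); real keys use primes of ~1024 bits each.
    public, d = make_toy_rsa_key(61, 53)
    n, e = public
    c = rsa_encrypt(public, 65)
    p, q = factor_by_trial_division(n)       # the step a quantum computer makes cheap
    d_recovered = private_key_from_factors(e, p, q)
    return d, d_recovered, rsa_decrypt(n, d_recovered, c)
```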

The Term “Harvest Now, Decrypt Later”

“Harvest Now, Decrypt Later” is one of the most concerning aspects of the transition, and it shapes the choice of when to act on future quantum developments. Potentially adversarial nations may already be collecting today’s encrypted (but not yet broken) data for use once they have developed the necessary quantum capabilities.

This is most severe for highly sensitive data that retains its value over the long term: government communications, medical records, intellectual property, etc. Even though no quantum technology available today allows attackers to break current encryption, data that is stored today in its still-unbroken encrypted form may be exposed or corrupted in future attacks against the victimized parties.

Post-Quantum Cryptography: New Strategies for Defending Against Quantum Threats

Researchers and organizations are responding to the threat that quantum computers pose to current cryptographic standards by developing Post-Quantum Cryptography (PQC), a new category of cryptographic algorithms designed to provide security against both quantum and classical attacks.

What is a Quantum-Resistant Algorithm?

Quantum-resistant or post-quantum algorithms are based on mathematical problems that are believed to be truly difficult for quantum computers to solve. Unlike classical algorithms (e.g., RSA, DSA), which rely on either the difficulty of factoring large numbers or the difficulty of computing discrete logarithms in a finite field, PQC draws on several approaches to building new algorithms, including:

cryptographic methods based on lattices
cryptographic methods based on hashing
cryptographic methods based on coding theory
cryptographic methods based on multivariate polynomials

Thus, with the current approach to creating new PQC algorithms, you can expect that even the vastly greater processing power of a quantum computer will not make breaking these new encryption algorithms feasible.
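An added example (not from the original article) of the hash-based family listed above: a Lamport one-time signature over SHA-256. Its security rests only on the hash function’s preimage resistance, which Shor’s algorithm does not affect; the construction, parameter names and test message are my own choices for illustration.

```python
import hashlib
import os

HASH_BITS = 256  # SHA-256 digest length; one preimage pair per digest bit


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def keygen():
    """Private key: 256 pairs of random 32-byte preimages.
    Public key: the SHA-256 hash of each preimage."""
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(HASH_BITS)]
    pk = [(_h(x0), _h(x1)) for x0, x1 in sk]
    return sk, pk


def _digest_bits(msg: bytes):
    digest = int.from_bytes(_h(msg), "big")
    return [(digest >> (HASH_BITS - 1 - i)) & 1 for i in range(HASH_BITS)]


def sign(sk, msg: bytes):
    """For each bit of H(msg), reveal the preimage at that position.
    Strictly one-time: signing a second message reveals both preimages of many
    pairs, which is enough material to forge signatures on other messages."""
    return [sk[i][bit] for i, bit in enumerate(_digest_bits(msg))]


def verify(pk, msg: bytes, sig) -> bool:
    """Recompute H(msg) and check every revealed preimage against the public key.
    Grover's algorithm only gives a quadratic speedup on preimage search, which
    the 256-bit hash size absorbs."""
    if len(sig) != HASH_BITS:
        return False
    bits = _digest_bits(msg)
    return all(_h(s) == pk[i][bits[i]] for i, s in enumerate(sig))
```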

Standardizing New Algorithms

There are many governments and organizations around the world working on new standards for PQC. The work that standards organizations are doing, or will do, to standardize PQC algorithms will be critical to the future of PQC in terms of achieving interoperability, security and mass adoption. The organizations that develop new standards will evaluate candidate PQC algorithms on several factors, including:

security strength
performance
ease of implementation of the new standards

Transitioning existing standards to PQC will be both a technical and a logistical challenge. Moving legacy infrastructure (i.e., global networks) to PQC will require careful coordination and strategy so that all existing security protocols are migrated successfully.

Transitioning to Post-Quantum Security: Challenges

The development of quantum-resistant algorithms is showing promise, but implementing them at scale presents many challenges.

Performance and Efficiency

Post-quantum algorithms generally require larger key sizes and more computational resources than the algorithms in use today. This can result in diminished performance and increased storage requirements, especially in constrained systems such as mobile and embedded devices.

Existing System Compatibility

Our modern digital infrastructure is dependent on today’s cryptographic standards. The move to new systems requires that the new and classical algorithms are able to work together during a transitional period while maintaining security.

Uncertainty/Risk

Post-quantum algorithms are intended to be secure against quantum attacks, but their security has had less time to be validated in the real world than that of traditional cryptographic methods, so there remains a risk that some of them will eventually be found to be insecure.

Wider Implications of Quantum Security

The ramifications of quantum computing extend beyond cybersecurity. Industries that rely heavily on the ability to exchange and safeguard secure data (e.g., banking, healthcare, and defense) must prepare for the eventuality of traditional encryption no longer being a suitable option.

Economic and Strategic Considerations

Countries and businesses have made significant investments in quantum technologies to secure their place as leaders in quantum computing, which many believe offers economic and geopolitical benefits. Conversely, organizations that do not adopt post-quantum security measures may be vulnerable to future attacks.

Ethical and Privacy Considerations

With the capability to break encryption come many ethical concerns about privacy. Privacy is a critical component of our digital society, and the invasion of privacy through exposure of sensitive data would have massive ramifications. Therefore, ensuring that adequate security measures accompany any new quantum advances is critical to preserving trust in digital systems.


Preparing for a Quantum Future

Organizations will not simply transition to the post-quantum environment overnight. Organizations and individual states will need to conduct due diligence regarding their industries and economies in order to plan and invest accordingly. Examples of the pre-existing components necessary for a transition to post-quantum security include:

An organization should identify all of its cryptographic assets and dependencies, and actively monitor current developments in quantum computing and PQC (post-quantum cryptography) standards.
Support the implementation of hybrid (quantum-classical) cryptographic solutions as they are developed and become production-ready.
Educate and train staff on new security measures as they are developed and implemented.
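An added example (not from the original article) of the hybrid quantum-classical approach named in the list above: the shared secrets from a classical key exchange and from a post-quantum key-encapsulation mechanism are combined through a single KDF, so an attacker must break both to learn the session key. The secrets, transcript and label are constructed placeholders, and the HKDF is implemented from HMAC-SHA-256 here rather than taken from any particular protocol.

```python
import hashlib
import hmac


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with HMAC-SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): T(i) = HMAC(prk, T(i-1) || info || i)."""
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]


def combine_shared_secrets(ss_classical: bytes, ss_pq: bytes, transcript: bytes) -> bytes:
    """Derive one 32-byte session key from both shared secrets.
    If the classical exchange falls to Shor's algorithm, ss_pq still protects the
    key; if the newer PQ scheme turns out to be weak, ss_classical still does.
    Both secrets are assumed fixed-length, so plain concatenation is unambiguous;
    hashing the handshake transcript into the salt binds the key to this session."""
    salt = hashlib.sha256(transcript).digest()
    prk = hkdf_extract(salt, ss_classical + ss_pq)
    return hkdf_expand(prk, b"hybrid-kem-example v1", 32)


def demo():
    # Constructed placeholder values standing in for the outputs of a classical
    # key exchange (e.g. ECDH) and a post-quantum KEM; not real protocol output.
    ss_classical = bytes.fromhex("11" * 32)
    ss_pq = bytes.fromhex("22" * 32)
    transcript = b"constructed handshake transcript: client_hello || server_hello"
    key_client = combine_shared_secrets(ss_classical, ss_pq, transcript)
    key_server = combine_shared_secrets(ss_classical, ss_pq, transcript)
    # Any change to either secret yields a different key, so learning only one
    # of the two secrets is not enough to reconstruct the session key.
    key_other_pq = combine_shared_secrets(ss_classical, bytes.fromhex("33" * 32), transcript)
    return key_client == key_server, key_client != key_other_pq, len(key_client)
```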

Final Thoughts

Quantum computing presents not only an opportunity like nothing we’ve ever seen before, but also a formidable obstacle to many companies’ digital security. It has the potential to change the way we think about computing; however, it is also capable of ripping apart the entire architecture of digital security. Fortunately, post-quantum cryptography can help us through this transition; that said, it will take a great deal of planning and worldwide collaboration.
The question is not if, but when, today’s digital security will be compromised as we move into the quantum age. We must therefore prepare as soon as possible for the day we wake up in a world where today’s digital security no longer holds, rather than sharing the fate of those who did not prepare.
