Quantum computing will have a transformative effect on the global economy. Once commercially available, its advantages will span industries; enhancing fellow technologies and allowing us to solve complex problems like never before. However, these advancements do not come without risk. Quantum computers will change the cybersecurity landscape significantly, especially when it comes to cryptography.
Quantum computing’s growth: Famous or infamous?
Since work on quantum computing first started in the 1980s, it has often been spoken of as ‘the next big thing’ in computing. Today’s classical computers code information in a binary state, existing as either 1s or 0s, known as a bit. By contrast, a quantum computer codes information in a quantum state, known as a qubit (quantum bit).
These qubits can store information as 1s, 0s or anywhere in between thanks to a principal called superposition. This means that qubits can store more information than bits, which is what gives quantum computers exponentially greater computing power than their classical counterparts.
In the early days, progress could be described as steady – often with the theoretical taking significant steps forward while the practical struggled to keep pace. In recent times, however, we’ve seen the practical pick up the pace.
Significant investment from organisations including Google, IBM, Microsoft and Amazon, together with a host of quantum start-ups, has led to a sharp increase in quantum manufacturing and R&D as these companies look to commercialise the technology.
They are joined with state-backed initiatives from the US, China, Europe and now Russia, many of which are looking to apply the technology to communications infrastructure (the so-called ‘quantum internet’) and, perhaps, some more nefarious purposes.
So, when will quantum computers hit the shelf? That’s still a subject of much debate. Some believe it’s still a while off, while others say it’s just around the corner. IBM, for instance, states that “in five years, the effects of quantum computing will reach beyond the research lab.”
We’re already starting to see this, with the aforementioned tech giants beginning to offer access to their existing quantum computers ‘as a service’ in the cloud. Moreover, the ground-breaking news of October 2019, when Google and NASA claimed to have achieved ‘quantum supremacy’ – the point at which a quantum computer can solve problems that are practically unsolvable by classical computers – signals that the quantum era may be closer than some think.
The impact of quantum computing
Fully-fledged commercial quantum computers will have a transformative effect on areas including scientific and medical research, economic analysis, AI, big data and many other disciplines which require large volumes of data and complex calculations.
However, the technology will have the ability to do harm as the very same computing power can be applied to undermine cybersecurity.
Of particular concern is the threat to public key cryptography; something that was identified in 1994 by MIT professor Peter Shor when he developed ‘Shor’s algorithm’, a quantum algorithm for factoring integers (also known as prime factorization, the method public key cryptography uses to generate keys).
This implies that a quantum computer running Shor’s algorithm will be able to break the encryption techniques that underpins most of the world’s cryptography in a matter of days, if not hours. To put this into perspective, it would take a classical computer thousands of years to perform the equivalent task.
Quantum-ready cryptographic technologies
With quantum computing threatening the fundamentals of cryptography, organisations must act to mitigate the threats posed to sensitive data. Thankfully, technologies exist today that can be implemented to protect against both quantum and classical or malware attacks.
Strong encryption begins with a source of genuine randomness (entropy); numbers used to seed encrypted keys must not be vulnerable to prediction or bias. In the quantum era, randomness will become even more crucial because quantum computers will be able to ascertain patterns much quicker than classical computers. Pseudo Random Number Generators, which use inputs from the environment around them, will simply not be random enough.
The answer lies in Quantum Random Number Generators (QRNGs), which provide high entropy and a true source of randomness by themselves leveraging principals from quantum physics. By firing photons (particles of light) at a semi-transparent mirror and observing if they are absorbed or reflected, there is no observable pattern as seeds are generated.
Once keys are generated, they must be distributed in a way that guarantees forward secrecy; something that will also be at risk in the quantum age.
Quantum Key Distribution (QKD) allows keys to be distributed in a way that guarantees forward secrecy, again using a quantum principle known as the ‘observer effect’, which states that observation causes perturbation. Keys are sent via photons across an optical link, and if a key is intercepted and observed in transit, the sender and receiver would be alerted that it is not safe to use.
Last but not least are the algorithms themselves. While it’s been clearly established that today’s algorithms are all vulnerable, Quantum Resistant Algorithms (QRAs) are designed to remain secure in a post-quantum world. 26 are currently being assessed by NIST, with draft standards expected as soon as 2022. They come from a range of mathematical ideas and principles, but broadly fit into three categories: lattice cryptosystems, code-based systems and multivariate systems.
From quantum-ready to quantum-safe
Organisations must remain agile in this changing threat landscape, especially when it comes to cryptography.
Combining high-assurance, end-to-end encryption with a true source of entropy (QRNG) and a method of key distribution that aids forward secrecy (QKD) ensures your encryption solution is fit-for-purpose as the age of the quantum computer looms.
Utilising today’s standards-based algorithms, or providing your own, and ensuring your encryption platform offers support for as many of these algorithms as possible, also allows for both security and flexibility.
When available, implementing quantum resistant algorithms will further mitigate the risk of a quantum attack.
Find out more in our technical paper: Quantum Computing & Quantum-Safe Security