Read time: 7 minutes
The world of computers and cybersecurity is an ever-changing environment, with new tools like machine learning and AI being created every day. One idea, which has slowly become much more than just an idea, is the idea of quantum computing. With quantum computing, new encryption algorithms can be created which are many times more powerful than the classical cryptography we use today. While quantum computing can have many advantages for cryptography, it can also be used by threat actors to create new malware that can break classical cryptographic algorithms in half the time or less. Luckily, as of now, quantum computers are still a long way off from being fully created and usable, but your enterprise can still begin preparing for the quantum revolution before it starts.
What is Quantum Computing?
The way classical computing works is that operations are performed in the form of a bit. These bits can have a value of either 0 or 1 at a certain time. Quantum computing leverages the quantum mechanics idea of superposition. Superposition is where something, like a bit, is in two states at once. This means that quantum bits, or qubits, can be in the state of both 1 and 0 at the same time. Performing a computation on a set of two classical bits takes four calculations, as the bits can be set to either 00, 11, 01, or 10. With quantum computing, since the qubits can be in all four states at once, then the quantum computer can perform calculations on all four states at once. Since quantum computers can perform four calculations at once on two qubits, a fully functioning quantum computer could break the majority of classical encryption algorithms in days, and in some cases even hours.
This causes many huge issues for our modern encryption systems. Some encryption algorithms like RSA, which is used in the majority of ecommerce transaction encryptions, base their security on the fact that the private key is generated by factoring a number that is the product of two large prime numbers. This is extremely difficult to do with classical computers and could take up to thousands of years to break with a strong enough key length. With quantum computers however, their use of qubits significantly reduces the time to crack an algorithm like RSA. The key length can be extended for more security, but that just means that a 256-bit key is now only as strong as a 128-bit key in the face of quantum computing.
Advantages and Disadvantages to Quantum Computing
There are many different reasons that quantum computing could cause issues for the cybersecurity landscape, the biggest being that classical cryptography techniques can be broken in hours instead of years. As I previously mentioned, increasing the size of keys can slow down quantum cryptography, but that won’t stop these algorithms from being cracked. Another issue with quantum computing is that threat actors will eventually be able to use quantum computers to launch malware attacks.
Today, threat actors use machine learning and Artificial Intelligence to launch malware attacks, but with quantum computing, finding vulnerabilities in software and IT infrastructures will be much easier. Also, many threat actors are doing things like scraping the Internet for sensitive information and saving the encrypted information until quantum computing is usable. Once that happens, the sensitive information can then be decrypted and used as the threat actor sees fit. Information like email addresses or phone numbers may not be a big deal, but if encrypted sensitive government information was taken and then decrypted ten years down the line when quantum computing is in existence, then that information could be used against that government.
Quantum computing may seem like a negative for the world of cryptography, but there are also many advantages to the creation of quantum computing. With the computational abilities offered by quantum computing, new, more powerful encryption algorithms can be created. Already, just using the ideas behind quantum computing, several different algorithms have been created to solve computational problems that are hard or next to impossible to solve with classical computing. These algorithms include Shor’s algorithm, Grover’s algorithm, the Quantum Approximate Optimization Algorithm (QAOA) and the Harrow Hassidim Lloyd (HHL) Algorithm. These algorithms solve problems like factoring large numbers and solving the discrete logarithm problem to solving a linear system of equations.
Additionally, with quantum computing coming ever closer every day, many organizations like the National Institute of Science and Technology (NIST) are reviewing certain post-quantum cryptography algorithms. These algorithms will be resistant to quantum computing attacks, thus ensuring data will stay secure as long as these algorithms are utilized. As of now, however, no quantum computer strong enough to break any classical cryptographic algorithms has been created yet.
When will Quantum Computers be Operational?
At the time of writing this, quantum computers are still in the early development phases. Some smaller quantum computers have been created, but the biggest number factored on a quantum computer was 15 which is only 4 bits long. According to recent research, it looks like it will be another decade, around 2030, before a truly fully functional quantum computer is designed and in use. It could still be sooner, however, as new quantum computing methods are being found each day that push forward the design of a quantum computer. There are also many hardware components to a quantum computer that must be created first, before a quantum computer is designed.
To create a quantum computer, the current day processors must be many times faster than they are, as quantum computing requires extreme speeds to work. Another issue facing quantum computer creation is the idea of logic gates. Currently, several small quantum computers have been created, and they are programmed from individual quantum logic gates. This works fine when the quantum computer you are using only deals with a small number of qubits, but once you reach thousands of qubits this is impractical. One other hurdle quantum computers must overcome is the lack of trained quantum computing professionals. Some universities and open-source communities teach about quantum computers, but there is just not enough practical knowledge out there yet to create the talent needed for quantum computing.
Protecting yourself ahead of Time
Although quantum computing seems a long way off, it is still important to protect yourself and your organization from the coming quantum computing threat. There are a number of different ways to protect your enterprise from quantum computing threats, starting with ensuring you are always up-to-date on NIST best practices and recommendations. The National Institute of Science and Technology is currently working on creating encryption algorithms that can stand up to quantum computing. As long as you are using the most up-to-date compliance and best practice standards for your organization, you can stay ahead of the negative effects of quantum computers. Other supposedly “quantum-safe” ideas have also been designed, like Quantum Key Distribution which uses quantum mechanics properties to transport keys securely. These types of technology may become the standard to protect against quantum computing in future, so continually learning about the latest and greatest quantum resistant technologies can also benefit your organization.
Although it may be a decade or more away, quantum computing could be nearer than most people think. In the near future, threat actors may be able to leverage these quantum computers and use them to launch new, sophisticated malware attacks. But quantum computing is not all bad, it will help make the world of cryptography a much safer place in the long run. Many of today’s computational problems may be a thing of the past with quantum computing. Understanding how quantum computing works is the first step to protecting your enterprise from quantum computing attacks and helping develop new methods of safely transmitting sensitive data.