Is Quantum Computing a Threat To Current Encryption Methods?
It’s time to upgrade to quantum-secure encryption.
Encryption is the backbone of cybersecurity, keeping data and systems secure. Quantum computing threatens to make today’s encryption obsolete. Developing quantum-secure encryption is one of the main challenges facing the cybersecurity sector today, highlights Michael Redding, chief technology officer at Quantropi.
Explaining how quantum computers work is challenging. It involves presenting complicated scientific concepts like superposition, which allows groups of qubits to create multidimensional computational spaces. For those who do not have a background in quantum physics, quantum computing can seem more like science fiction than computer science.
Explaining what quantum computers do, however, is much easier. In essence, they leverage the behavior of subatomic particles to increase computation speed exponentially. When Google announced in October 2019 that it had achieved “quantum supremacy,” it was celebrating the fact that it had used quantum computing to solve a complex mathematical problem in 3 minutes and 20 seconds. How long would a conventional computer have taken to solve the same problem? According to Google, it would have taken at least 10,000 years.
How will the world use this mind-blowingly fast processing power? Experts predict it will transform a number of industries, from pharmaceuticals to finance to supply chain management. However, the quantum computing use case that has been making the most headlines in recent months is cybersecurity.
Using Quantum Computers To Crack Encryption
Encryption is the backbone of cybersecurity. It is the tool that keeps critical data under lock and key. Without it, security and privacy would be impossible to achieve.
Hackers have a number of avenues for gaining unauthorized access to encrypted information. One popular method involves social engineering attacks that seek to trick someone into revealing the password that provides access to data. Rather than cracking the code, hackers using social engineering attacks simply steal the key.
Data breaches provide another option for obtaining passwords. Reports of breaches regularly make the news, and each breach has the potential to put passwords into the hands of bad actors seeking to obtain access to encrypted data.
Brute force attacks represent a different approach to cracking encryption. Rather than trying to obtain the password from a user or stolen data, these attacks use computers to cycle through possible passwords until the correct one is found. Essentially, brute force attacks figure out passwords through trial and error, leveraging computers to do the work quickly and systematically.
Current encryption methods are considered effective in thwarting brute force attacks, as the most advanced encryption systems work with passwords or keys that are long and complicated or highly random. With today’s computers, deciphering the key through trial and error can take millions of years.
However, quantum computing changes the timeline for cracking today’s encryption. By exponentially increasing processing speed, quantum computers could break the most advanced keys commonly used today in minutes.
Preparing for Y2Q
When will bad actors have access to a quantum computer capable of threatening today’s encryption? Based on Shor’s Algorithm, a quantum computer would need millions of qubits with a quantum circuit depth measured in the billions – with essentially perfect calculation fidelity.
Based on today’s quantum computing capability, that would put Y2Q into the 2040s, if ever. However, breakthroughs that have been achieved in 2023 in research out of China and Germany using a hybrid classic + quantum attack vector using AI and machine learning have drastically reduced the quantum capabilities required to break asymmetric encryption as compared to Shor’s Algorithm.
Combining these new AI and machine learning hybrid attack vectors with the rapid advancement of quantum computing capabilities begins to crystalize a pathway to Y2Q in the next 1 to 5 years. It is no longer a question of “how” to break asymmetric encryption with today’s generation of technology — the approach has been published. Now, It is only a matter of optimization and continued incremental technology improvements.
To address Y2Q’s impact on security, developers are focusing on two main approaches to quantum security: post-quantum cryptography and quantum key distribution. Post-quantum cryptography (PQC) leverages complex mathematical algorithms to provide security that is resistant to quantum attacks, while quantum key distribution involves exploiting the properties of quantum mechanics to bolster security.
Two Approaches To Enable Quantum-secure Encryption
PQC provides an efficient means of updating security systems because it is math-based, which allows it to be implemented through computer coding and deployed in end devices with a simple software update. However, PQC’s security relies on complex/hard mathematical calculations and, in some cases, large key sizes, both of which come with considerable performance costs.
Organizations that seek to quantum-proof their systems with PQC must be aware that considerable infrastructure updates may be necessary. Because PQC encryption schemes are typically more complex than those currently in use, they require more resources for encrypting and decrypting, including more time, storage space, memory, and network bandwidth.
For the average user relying on PQC for booting machines or encrypting data related to web browsing, the additional processing burden might not be noticeable. However, organizations simultaneously transmitting and receiving thousands or millions of digital transactions per second must consider the impact this will have on their performance. Failure to do so can create dangerous latency in devices that rely on high efficiency, such as the systems that manage computer-aided driving software in autonomous vehicles.
PQC also poses challenges for updating internet of things (IoT) devices to quantum-secure encryption. Smart doorbells and other intelligent appliances will become vulnerable if their encryption systems are not updated, though they typically do not have the processing power to support PQC effectively.
Quantum key distribution (QKD) is another option for quantum-resistant encryption. This approach relies on the laws of quantum physics rather than mathematics to generate and transmit encryption keys between two parties. The natural laws involved in this process also provide warnings to users when QKD transmissions are disturbed or intercepted by bad actors.
Theoretically, QKD provides security that is effective against quantum computing attacks and can withstand attacks for an indefinite amount of time. Practically, however, making it a reality would require overcoming a number of significant technical challenges. QKD uses photon emitters and receivers to create quantum entanglement between two devices. However, the current state of this technology is largely experimental, with few commercial deployments and significant limitations on bandwidth, distance, complexity, and cost that continue to be explored and improved upon.
See More: Why and Where the PQC Market is Gaining Traction
Racing the Clock To Become Quantum Secure
Developing quantum-secure encryption is just the first step toward preparing for Y2Q. In order to be truly quantum secure, organizations must assess where they are vulnerable, determine how to integrate new security systems in those areas, deploy those systems, and test them. It is a process that could take years, and the clock is ticking.
Those who understand the stakes involved are already taking steps. For example, the US government issued a National Security Memorandum in May 2022 that warns of the “significant risks” that quantum computing poses to “the economic and national security of the United States.” The memorandum calls for a “timely” transition to quantum-resistant cryptography.
Rob Joyce, NSA cybersecurity director and deputy national manager for national security systems, highlighted the need to push forward in achieving quantum-resistant systems in his comments on the memorandum. He stated: “Implementing approved quantum-resistant cryptographic solutions across all of our systems will not happen overnight, but it’s critical that we chart a path to get there considering the potential threat of quantum computing.”
In the end, public and private organizations need to prepare for Y2Q immediately to protect their data, connected devices, systems, and communications. The time is now.
Are you preparing for Y2Q? How are you upgrading to quantum-secure encryption? Share with us on Facebook, Twitter, and LinkedIn. We’d love to hear from you!
Image Source: Shutterstock
MORE ON QUANTUM COMPUTING
