Encryption - is there a threat from quantum computing?
Quantum computing is poised to undermine the public key encryption that keeps most internet data secure. How do quantum computers work — and how significant is their threat to cybersecurity?
Quantum computing is no longer the stuff of science fiction. It’s a reality that could change the future of computing as we know it, for better or worse. Among the potential dangers is the possibility that its formidable number-crunching power could break the encryption that secures most digital transactions, online and off.
What is a quantum computer, how is it used, and does it really pose a threat to cybersecurity?
What is quantum computing?
A 2020 McKinsey report explains the difference between conventional computers and quantum computing: "Current computers can handle only one set of inputs and make one calculation at a time. Qubits, which power quantum computers, are volatile and changeable in nature; more importantly, they can store values of one and zero at the same time, thanks to the principle of quantum superposition. This state allows quantum computers to solve multiple calculations, each with multiple inputs, simultaneously."
"For some very time-consuming problems, quantum computers can find a solution in far fewer operations than a conventional computer would need."
Quantum computing applications
Analysts can only speculate how these powerful quantum computers will ultimately be used, but one thing is certain: the impact on the business world will be significant. McKinsey describes the potential of quantum computing as “transformative and disruptive,” citing examples like data analysis, financial portfolio optimization, and logistics efficiencies as areas quantum computing could improve. Furthermore, McKinsey projects savvy stakeholders in finance, energy, and other advanced industries will start deriving value from quantum computing as soon as 2025.
But the report also highlights a serious threat posed by the advent of quantum computing, namely its impact on cybersecurity: “Even if it is unlikely to happen before 2030 or beyond, quantum computers will eventually be robust enough to factor the prime numbers underpinning current data security systems, meaning that businesses will need to completely rethink their cryptography systems.”
Will quantum computers break encryption?
Many current data exchanges are encrypted, ranging from the critical (online banking transactions) to the more trivial (WhatsApp chats). Each exchange begins with the transfer of a key, and this key is protected using an extremely robust scheme known as public key encryption (PKE). “Public key encryption relies on the fact that it is much harder to figure out the factors of a number – what numbers were multiplied together to produce it – than to multiply them to make the number,” explains The Guardian. “If you choose two large prime numbers, a computer can multiply them together easily, but it can't deconstruct the result with anything like the same ease.”
Historically, the difficulty of determining these factors has given PKE the security it needs. But a sufficiently powerful quantum computer’s ability to hold numbers in superposition means this once insurmountable threshold could be breached in a matter of hours.
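The asymmetry described above, as an added example that is not part of the original article: textbook RSA built from two small, well-known Mersenne primes, showing that multiplying is a single step while anyone who can factor the public modulus can rebuild the private key. The function names and sample values are this example's own assumptions; real keys use far larger primes plus padding, which is what keeps the factoring step out of reach of conventional computers.

```python
# Added illustration (not from the article): textbook RSA with tiny primes.
# Sample values are constructed; never use unpadded RSA or small keys for real data.
from math import isqrt

P, Q = (1 << 19) - 1, (1 << 31) - 1   # Mersenne primes 524287 and 2147483647

def make_keypair(p, q, e=65537):
    """Build a textbook RSA key pair from two secret primes."""
    n = p * q                          # easy direction: one multiplication
    phi = (p - 1) * (q - 1)            # needs p and q, which stay secret
    d = pow(e, -1, phi)                # private exponent: e^-1 mod phi
    return (n, e), (n, d)              # (public key, private key)

def encrypt(public, m):
    n, e = public
    return pow(m, e, n)

def decrypt(private, c):
    n, d = private
    return pow(c, d, n)

def factor(n):
    """Hard direction: trial division. Work grows with the smaller prime,
    so this finishes only because the modulus here is tiny."""
    if n % 2 == 0:
        return 2, n // 2
    for cand in range(3, isqrt(n) + 1, 2):
        if n % cand == 0:
            return cand, n // cand
    raise ValueError("n is prime")

def recover_private_key(public):
    """Whoever factors n can recompute d from public values alone."""
    n, e = public
    p, q = factor(n)
    return n, pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    public, private = make_keypair(P, Q)
    ciphertext = encrypt(public, 42424242)   # constructed sample message
    rebuilt = recover_private_key(public)    # uses only the public key
    print("legitimate decrypt:", decrypt(private, ciphertext))
    print("decrypt after factoring n:", decrypt(rebuilt, ciphertext))
```
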
Some see this potential threat of quantum computers as a cause for immediate action. In May 2022, the U.S. government published a detailed memorandum outlining the risks forthcoming quantum computers would pose to “vulnerable cryptographic systems” — and proposing two defensive measures: maintain leadership in quantum information science and transition the U.S. cryptographic system to “interoperable quantum-resistant cryptography.”
Threat or non-threat?
Others are less concerned. TechBeacon compares quantum computing to Samuel Beckett’s absent Godot and tempers apocalyptic projections with a reality check. “In the first place, it is unlikely that large-scale quantum computers will be built in the next several years. Second, alternatives to PKE already exist. Standards organizations and researchers are actively working to identify the best alternatives and plan the transition to post-quantum cryptography — cryptosystems that are secure against both classical and quantum computers and can work with existing communications protocols and networks.”
Without a crystal ball, it seems only time will tell how grave a threat quantum computing poses to cybersecurity. But as The Economist points out, the fact that suitable quantum systems are not yet available is no reason to rest easy in the belief that today's exchanges are safely protected. Nothing would prevent a hacker today from capturing and storing encrypted data with a view to decrypting it when a suitable solution becomes available in the not-too-distant future.
But regardless of quantum computing’s ultimate impact, the prospect of its threat to cybersecurity has given rise to a number of additional defense measures.
Quantum-resistant algorithms
As TechBeacon mentioned above, researchers are working hard to identify alternative defenses to conventional encryption for the post-quantum world. In July 2022, the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) announced four encryption algorithms designed to defend against quantum computing infiltration. Major players like Microsoft have also unveiled plans to address post-quantum cryptography with quantum-resistant algorithms. But there’s still a lot of progress to be made. In August 2022, one of NIST’s promising contenders — Supersingular Isogeny Key Encapsulation (SIKE) — became the second post-quantum cryptography algorithm to be broken this year.
The research will continue, but savvy companies would be wise to start examining their own cybersecurity infrastructure and preparing for the post-quantum computing landscape. The fears surrounding quantum computing might ultimately prove to be overblown, but when it comes to data security, it’s better to be safe than sorry.