Quantum technology aims to vastly improve calculations and, in turn, advance computing so that computing calculations can happen at a rate of knots. (For those not up on their British slang, “rate of knots” means very fast!) With quantum technology, seemingly impossible computations will be done with ease and with speed. But with these dynamic capabilities comes the threat posed not only to cryptography but to cybersecurity infrastructure, too.
Quantum computing will achieve our computing aspirations, but the rate at which exponentially large numbers can be processed will impact our security. The question arises: How can we adapt our security to maintain safety of our sensitive data both now and in the future? Crucial decisions must be taken if we are to act on any future threats as a result of quantum computing advancements.
There are so many questions (many unanswered) to be addressed:
- Is leveraging quantum computing for security a feasible solution -- perhaps a move from current cybersecurity methods to a quantum version?
- Without an advancement in our security approach, will quantum computing pose a threat to our security and challenge our current cybersecurity infrastructure?
- Will quantum computing break current encryption methods and algorithms?
- How do we ensure the safety of our data after the arrival of quantum computing?
- How do we future-proof our cybersecurity and our data safety?
Yes, the list is endless.
What’s all the fuss about?
In theory, quantum computers could be utilized to break RSA cryptography, which is widely used throughout the Internet. Understandably, this is causing some concern!
Moreover, data is considered the most valued asset (by most) and privacy of information is paramount -- both a legal and personal requirement. Any threat to the manner in which we currently secure and maintain security of our data is concerning, and rightly so.
Traditional encryption techniques work (and should work for some time still) as the keys used are difficult (near impossible) to crack within a reasonable time frame when utilizing traditional computing methods. This is due to the length and degree of randomness of the keys. The concern is that if quantum computers become mainstream (a suggested 15-20 years from now), cracking these keys will no longer be a challenge but rather simple to achieve and will result in the security of our Public Key Cryptography failing.
The quantum alternative for traditional computers will be super-efficient and will outperform anything we have available now. (This is good, right?) Nevertheless, a consequence of this is that some cryptographic technology, fundamental to our current cybersecurity, will be broken. (This is not so good!) Parts of the encryption technology as we know it will be threatened and will become fragmented! Which parts are likely to be influenced? Well, as long as we continue to use long and fully random keys, symmetric encryption itself should remain secure. A problem may arise when it comes to generating the secret key and securely sharing it (key generation and distribution). Quantum computing will make factoring large calculations back to prime constituents simple and the fundamental component, PKI, of many encryption tools will take a hit.
Presently, we are not likely to crack the keys, but in the long term quantum computations will make this both possible and probable. We will no longer be able to rely on the difficulty of rapid factoring of large numbers as the foundation of our security. (This is the basis of cryptography functioning as we know it.)
Comparing the old and the new
We have been encoding messages for thousands of years. However, one of the first sophisticated and efficient means of encryption was the Enigma machine of World War II. Until the 1990s, algorithms were utilized in conjunction with a key for encryption. Traditionally, the two most widely used methods for key employment are Public Key Cryptography (PKC) and Secret-Key Cryptography (SKC), where PKC uses two keys, one to encrypt the message and the other to decrypt, and SKC uses only one key, which is shared between parties to encrypt and decrypt the message.
For now, traditional methods are safe as the algorithm and key combination to encrypt data are exceptionally large and seriously challenging to attempt to crack. It is near impossible to achieve with traditional computers in a reasonable timeframe.
Quantum computers will change this all, by exploiting the properties of physics. Quantum computers work differently to the conventional computers and are much more powerful. Whatever our current computers can do they can do better, resulting in performance and efficiency that will exceed that of any computer of today. The threat to security stems from the differences in their fundamental functioning. With conventional computing, numbers are represented as 0s and 1s, and with quantum computing, atomic-scale units (quantum bits) are used and these units can be both 0 and 1 simultaneously. Thus, quantum computers function by encoding 0 and 1 binary data simultaneously, unlike conventional computers.
The public key infrastructure will need to be revamped and quantum-safe methods used if we are to ensure secure exchange of keys and the security of our data. With quantum computers in the mix, SKC may be favored over PKC, but a method for secure transfer of the key is needed as well as a method to protect from third-party access to that single secret key.
In short, quantum computers will make cracking the long and random keys simple, threatening PKC, and although SKC should be fine, key distribution will be an issue.
Differing degrees of random
The capability of quantum computing to perform the calculations needed to crack current public keys is most definitely a hazard to present-day security, but the inability for attaining sufficient and quality random numbers can be a risk to security, too. This is where quantum computing may help cybersecurity. Quantum computing could improve the speed at which random numbers can be generated as well as the quality of random numbers generated. Perhaps it is not all doom and gloom after all, if quantum computing can also be used to help strengthen security.
The building blocks of cryptography are random numbers. Moreover, they are the key components for a multitude of security functions including: encryption, authentication, one-time passcodes and signatures (amongst other applications). For these operations to be undertaken successfully, large quantities of quality random numbers are needed. Without the ability to generate these random numbers, security levels become poor, resulting in vulnerable systems.
Typically, random numbers are being generated through physical or software generation. Software generation (Pseudo Random Number Generators) works by feeding an initial value into an algorithm that in turn produces a sequence of random numbers. The physical approach relies on changes being made to the physical system through keyboard strokes, mouse clicks, noise and sound, etc.
Utilizing a quantum alternative for generation of random numbers will provide the highest quality of unpredictability in numbers at exceptional speeds. This will result in the strongest foundation for security and will ultimately play a role in protecting data from emerging quantum computers and developing attack tactics. Physical and software generators for random numbers will no longer suffice once the quantum alternative is common practice.
Once this happens, other aspects of cybersecurity systems will need to advance, too.
Cryptography on the cusp of change
Quantum physics may provide the solution to the key distribution problem that in part it is responsible for. Key distribution issues can be solved at a quantum level.
Quantum physics harnesses the unpredictable nature of matter at the quantum level and the manner in which information can be exchanged on secret keys has been discovered. Photons are used to transmit a key! Once the key is transmitted, normal SKC can continue.
The process, Quantum Key Distribution (QKD), uses quantum functionalities to share a key between two parties without the need for public key techniques.
Ultimately quantum cryptography aspires to impede third-party attacks on encrypted data. Quantum physics is responsible for the development of the first cryptographic safeguard against such interception.
Any alteration to the photons will be detected and the presence of interception made known. Any attack on the system by an adversary will leave detectable traces, showing that the data has been compromised. The data will also not be vulnerable to quantum computers. The technology is still developing, but the future of cryptography is likely to utilize properties of quantum and perhaps hybrid solutions of traditional and quantum techniques. This will be necessary if we are to have any chance at protecting data from threats of emerging quantum computers.
Keeping up with change
Although our current methods for cryptography are secure, there is no guarantee that these traditional keys will be secure for the long term.
There is no doubt that traditional cryptography, as we now know it, is extremely difficult to crack but with enough power (that quantum computers will bring) this becomes highly probable.
Quantum computers are emerging. It may still be some time until quantum computers are mainstream and practical, but we must be aware and adapt security measures as needed. (This may mean utilizing quantum technology as part of the security process.) Moreover, quantum physics may also provide solace for our security concerns -- brought about by quantum computing -- and may revolutionize cryptography.
Although 15 to 20 years seems like ages from now, when considering the arduous task and the time that it takes to develop, adapt, and employ new infrastructures -- this is not as far away as it may seem.
Many organizations are responsible for securing sensitive data (personal and financial) and this needs to be achievable over a long time scale. These organizations do not want to find themselves in a situation where their data is left vulnerable to attack once full-fledged quantum computing arrives.
A change in cryptography is inevitable. It is just a matter of time, whether it’s 10 or 15 years or even 20 or 30 years from now, and as computing evolves so must the manner in which we secure our systems and data. There is a lot of research and development happening in this field right now, placing further emphasis on its importance. Quantum computing and cryptography is the subject matter to stay abreast of to make sure that the necessary actions are taken when required.