What is the Impact of Quantum Computing on Cybersecurity?

Jan. 24, 2020

The quantum computing impact on cybersecurity is profound and game-changing, to put it in a nutshell. 

Quantum computing holds great promise in many areas, such as medical research, artificial intelligence, weather forecasting, etc. But it also poses a significant threat to cybersecurity, requiring a change in how we encrypt our data. Even though quantum computers don’t technically have the power to break most of our current forms of encryption yet, we need to stay ahead of the threat and come up with quantum-proof solutions now. If we wait until those powerful quantum computers start breaking our encryption, it will be too late. 

Another Reason to Act Now: Harvest Now, Decrypt Later

Regardless of when quantum computers will be commercially available, another reason to quantum-proof data now is the threat from nefarious actors scraping data. They are already stealing data and holding onto it until they can get their hands on a quantum computer to decrypt it. At that point, the data will have already been compromised. The only way to ensure the security of information, particularly information that needs to remain secure well into the future, is to safeguard it now with quantum-safe key delivery. 

The Quantum Threat to Cybersecurity

Quantum computers will be able to solve problems that are far too complex for classical computers to figure out. This includes solving the algorithms behind encryption keys that protect our data and the Internet’s infrastructure. 

Much of today’s encryption is based on mathematical formulas that would take today’s computers an impractically long time to decode. To simplify this, think of two large numbers, for example, and multiply them together. It’s easy to come up with the product, but much harder to start with the large number and factor it into its two prime numbers. A quantum computer, however, can easily factor those numbers and break the code. Peter Shor developed a quantum algorithm (aptly named Shor’s algorithm) that easily factors large numbers far more quickly than a classical computer. Since then,  scientists have been working on developing quantum computers that can factor increasingly larger numbers.  

Today’s RSA encryption, a widely used form of encryption, particularly for sending sensitive data over the internet, is based on 2048-bit numbers. Experts estimate that a quantum computer would need to be as large as 70 million qubits to break that encryption. Considering the largest quantum computer today is IBM’s 53-qubit quantum computer, it could be a long time before we’re breaking that encryption.

As the pace of quantum research continues to accelerate, though, the development of such a computer within the next 3-5 years cannot be discounted. As an example, earlier this year, Google and the KTH Royal Institute of Technology in Sweden reportedly found “a more efficient way for quantum computers to perform the code-breaking calculations, reducing the resources they require by orders of magnitude.” Their work, highlighted in the MIT Technology Review, demonstrated that a 20 million-qubit computer could break a 2048-bit number – in a mere 8 hours. What that demonstration means is that continued breakthroughs like this will keep pushing the timeline up.

It’s worth noting that perishable sensitive data is not the main concern when it comes to the quantum encryption threat. The greater risk is the vulnerability of information that needs to retain its secrecy well into the future, such as national security-level data, banking data, privacy act data, etc. Those are the secrets that really need to be protected with quantum-proof encryption now, particularly in the face of bad actors who are stealing it while they wait for a quantum computer that can break the encryption.  

Adapting Cybersecurity to Address the Threat

Researchers have been working hard in the last several years to develop “quantum-safe” encryption. The American Scientist reported that the U.S. National Institute of Standards and Technology (NIST) is already evaluating 69 potential new methods for what it calls “post-quantum cryptography (PQC).” 

There are a lot of questions surrounding quantum computing, and scientists continue to work diligently to answer them. When it comes to the impact of quantum computing on cybersecurity, though, one thing is certain: it will pose a threat to cybersecurity and our current forms of encryption. To mitigate that threat we need to change how we keep our data secure and start doing it now.  We must conduct a crypto inventory with tools like CipherInsights to determine what quantum-vulnerable encryption is in use, what is quantum-safe, what can be broken today using conventional systems.  Then, we need to approach the quantum threat as we do other security vulnerabilities: by deploying a defense-in-depth approach, one characterized by multiple layers of quantum-safe protection. Security-forward organizations understand this need for crypto agility and are seeking crypto-diverse solutions like those offered by Quantum Xchange to make their encryption quantum-safe now, and quantum-ready for tomorrow’s threats. 

For more information on how Quantum Xchange can help you quantum-proof your communications, contact us. 

 

Subscribe to the Quantum Xchange Monthly Newsletter

Quantum Xchange does not share or rent your information to any third parties.