A new generation of quantum computing has the potential to transform cybersecurity. Still years away from the mainstream, quantum power is nevertheless a reality, a certainty and an inevitability
Traditional old-fashioned digital computers run on data that is encoded according to the binary system. In binary, the state of any single bit can only be 0 or 1. The options are quite literally binary. Any single computing bit can only reside in one of two positions. Now emerging as the next generation of computing, quantum computers run on data that comes in the shape of qubits or quantum bits.
Quantum goes beyond binary by virtue of a qubit’s ability to reside in more than one of two positions. A qubit can represent a quantum state made up of two or more values simultaneously, called a superposition. A qubit’s superposition can also be differentiated depending upon the context in which it is viewed, so in basic terms we get more computing power in the same space.
But quantum states are fragile and quantum errors are notoriously difficult to measure, so we need to treat this new power with respect. How then could this new thrust of computing strength give us new tiers of power to analyse IT systems at a more granular level for security vulnerabilities and protect us through more complex layers of quantum cryptography?
Quantum computing is a game-changing technology for cybersecurity due to the inherent speed boost it offers to solve complex mathematical problems. Vice president of security research at Trend Micro Rik Ferguson explains that traditional computing, when compared with quantum, is effectively “brute-forcing” mathematical problems until it arrives at a solution, thus the more complex the question, the slower the answer arrives.
“Traditional cryptography relies on the fact that factoring large prime numbers is mathematically complex and hackers attempting to brute-force an answer need a long time. For quantum computers, this kind of factorisation is where they excel, potentially reducing the time to solve problems from billions of years to a matter of seconds. We can now use that power to build more complex protection layers,” says Mr Ferguson.
But could quantum computing also arm the hackers? “Obviously yes,” he says. “What we need to remember is that the majority of attacks in today’s threat landscape target the user in one way or another and social engineering plays as large a part, if not larger, than technical expertise. As long as a human can be persuaded to part with a secret in inappropriate circumstances, all the cryptography in the world will not help, quantum or not.”
Perhaps the most compelling near-term impact of quantum is the role of security “distribution functions” that use quantum effects, providing us with a powerful mechanism for sharing cryptographic keys between remote parties with a high degree of implicit security.
According to IBM computer scientist Leigh Chase, we should also look more generally at the types of data transformation operations we can perform in quantum computers to exploit effects that are not present in the classical world of IT. Effects such as superposition and entanglement offer information-processing benefits, many of which can be meaningfully applied to cryptography, such as improved random number generation.
But while we attempt to build phrases like superposition entanglement randomness into the layperson’s understanding of technology, do we throw out all our existing cryptosystems in favour of quantum now? IBM’s position, for now, is that we should consider quantum-safe cryptography, only some of which requires or exploit quantum effects.
Although the money is more generally on quantum power keeping us safer, we should constantly remind ourselves that the responsibility for safe use is by no means guaranteed. Senior threat analyst at FireEye Parnian Najafi agrees that quantum computers running what is known as Shor’s algorithm pose some risks to current cryptography.
“Some encryption algorithms are thought to be unbreakable, except by brute-force attacks. Although brute-force attacks may be hard for classical computers, they would be easy for quantum computers making them susceptible to such attacks,” says Ms Najafi.
But she agrees it is unlikely that hacktivists and cybercriminals could afford quantum computers in the foreseeable future. However, nation states do have the ability to afford and run them. “Current quantum computers require near absolute zero temperature to be isolated from interference like radio waves and noise, so qubits keep their quantum mechanical state. All these requirements make it difficult and expensive for non-nation state actors,” she says.
So is a quantum apocalypse on the horizon and will cryptocurrencies be a key target? As a security company FireEye’s research highlights there are several efforts currently underway to make cryptocurrency more secure, including the quantum-resistant ledger. It would appear then that as fast as we are building quantum power, we are also working to secure against its misuse.
Security strategist at Symantec Ramses Gallego agrees. He points out that a machine which could effectively and efficiently run Shor’s algorithm – the most complex quantum algorithm known – could enable us to factorise large prime numbers and do things we cannot even imagine today.
“Such great computing power, however, will present a huge challenge for cryptography in the future as cybercriminals will be able to target organisations with highly complex quantum attacks. To pre-empt this, security specialists are currently developing quantum-resistant algorithms, but we are yet to see how quantum computing will really revolutionise cryptography in the future.”
Human vulnerabilities notwithstanding, could we really use quantum computing to build an unbreakable computer truly resistant to hacking? Director of product strategy at Gemalto Joe Pindar is upbeat.
“What is special about random numbers from quantum computing, and why their early prototypes are being used by Swiss banks and governments, is they can be used to create a ‘one time pad’. This is a special kind of encryption key that is essentially unbreakable. Interestingly, one time pads were first used in World War One and are made exceptionally secure by being used only once, for a single message, so codebreaking techniques simply don’t work,” he says.
Mr Pindar offers some reassurance on the potential misuse of quantum computing. He says that while it will change most of the encryption algorithms commonly used on the internet, it is not true that quantum will break all encryption. “The encryption systems that are used to secure data stored in database records and archives, such as legal documents, use a different technique which quantum computing has been unable to break, so far,” he adds.