“The greatest threat to our security is the illusion that our data is safe.”
— Niels Bohr
Quantum mechanics are the behaviour of matter and energy on an atomic and sub-atomic scale. Quantum computing is its application in Information Technology.
Qubits: The Building Blocks of Quantum Computing
In quantum computing, we use ‘qubits’ as opposed to bits. A bit can have a value of 0 or 1 but a qubit can also have a ‘superposition state’ – where it holds both values simultaneously. Qubits can also be linked together so a change in one qubit would affect the second one, even if they are light years apart.
Quantum Supremacy: A Leap Beyond Traditional Computing
Quantum Computers are faster and more efficient than traditional ones. In 2019, A quantum Computer by Google took 3 minutes to solve a problem which a regular supercomputer would take 10000 years to solve. This is called ‘Quantum Edge’ or ‘Quantum Supremacy’.
With such exponential computing power, Quantum Computers can identify patterns and relationships in huge datasets. In commercial sectors, they can streamline the global logistics supply chain, help researchers make medicines faster or make better models for forecasting complex changes.
Experts predict that in the next decade, this technique will revolutionize several industries. But this is not to say that quantum computers would not have any ill effects. The use of quantum computers would raise many grave concerns about privacy and security.
The Concept of “Harvest Now, Decrypt Later” Attacks
The concept of “harvest now, decrypt later” (HNDL) attacks represents a significant future threat in the cybersecurity landscape. In this type of attack, the threat actors would collect the encrypted data and when Quantum Computers are made even more powerful, the data would be decrypted. HNDL attacks enterprises, banks, intelligence agencies, etc. They have the potential to break widely used encryption algorithms like RSA through techniques such as Shor’s algorithm. In the next few years, secure data could become accessible, and this would expose sensitive information across the world.
The encryption currently used is built on mathematical calculations that would take too long to decipher on today’s machines, but scientists have been working towards building quantum computers that can have bigger numbers.
Right now, all sensitive information and data shared over the internet is encrypted by using public key encryption. It is the most common form of internet encryption. The underlying public key infrastructure (PKI) is built into every web browser to secure traffic across public networks. It is also used by most organizations to ensure their internal data, communications and access to devices. Even data protected by asymmetric cryptography algorithms like DH, ECC and RSA, will become readable, making it easy for criminals to destroy all security systems and bring down digital and physical security at once. This is called a ‘Quantum Threat’. The security holding the internet would collapse and all our data would be out for the world to see.
It is important to remember that sensitive information is not the only thing at risk here. The more serious issue is the susceptibility of information that can NOT be public like banking data, national security-level data, etc. That is data that needs to be secured by quantum-proof encryption immediately.
Apart from the encryption and data security issues, quantum computing has the potential to publicize blockchain data. Blockchains depend on a unanimous trust among widespread computer networks. It is attained due to the use of public-key cryptography which as mentioned is susceptible to attack to reveal the user’s private key.
Studies show that 25% of bitcoins and 65% of ethers (tokens in the Ethereum Network) use the public key encryption system established in Blockchains. This would mean that bitcoins can be stolen by providing a quantum computer with the necessary resources. Hundreds of billions of dollars in cryptocurrency would be vulnerable.
Even though there is no surety as to when practical quantum computers are to be expected, organizations with data and information should prepare themselves because they are going to be here much sooner than expected. It is advised for such organizations to build awareness about his threat and how it might affect them. This will help them develop a plan of action protecting all those affected over various sectors.
We have seen in recent years how organizations that have ignored threats of newer technologies have suffered from ransom attacks, malware and data breaches. Even with the uncertainty about these threats, taking necessary precautions is imperative as this could have a significant impact while transitioning into a quantum era. This could affect how well a company performs in the post-quantum era.
Quantum threats should be handled in the same way any other security risk is by following a ‘defence-in-depth’ strategy. The National Institute of Standards and Technology (NIST) has been working on creating new standards, keeping in mind encryption schemes secure even in the post-quantum world. It has published resources which would aid these organizations in the transition to using post-quantum cryptography schemes. All organizations should familiarize themselves with these standards and resources, using them as frameworks to re-evaluate the resilience of their systems.
New encryption methods like homomorphic encryption can also be used. With this, it’s possible to compute encrypted data without sharing access to the data itself. Using this, organizations can share sensitive data on third-party cloud services where processes can be run using the data without decrypting or seeing it. This will help expand the applications and services which can be used even when the private data is secure.
Over time, institutions should focus on adopting ‘crypto agility’ by which they would be able to switch between cryptography algorithms easily in case they become vulnerable. The ones which are hesitant to adopt new and experimental algorithms can integrate classical and quantum-based algorithms under a hybrid approach. Post-Quantum Cryptographies are based on Quantum Key Distribution and Quantum Random Number Generation which are ways to strengthen cryptography against quantum attacks.
The Urgency of Proactive Measures and Awareness
Additional measures could be taken by enhancing overall cybersecurity practices like implementing strict access control, effective encryption key management and regular security audits. Awareness and proactive measures are also essential to protecting sensitive information. People need to understand that quantum computing will be here sooner than anyone can predict, and it will revolutionize the world. With great technological advancements, it will also pose a real threat to cybersecurity measures throughout. To protect our private data, we must make ourselves adept for a smooth transition into the post-quantum Era and we must do it quickly.
People need to understand that quantum computing will be here sooner than anyone can predict, and it will revolutionize the world. With great technological advancements, it will also pose a real threat to cybersecurity measures throughout. To protect our private data, we must make ourselves adept for a smooth transition into the post-quantum Era and we must do it quickly.
-Vaishnavi Agarwal | Welham Girls School