Quantum computing promises to solve difficult problems — and create entirely new ones.
We don’t have quantum computers just yet. But we anticipate they are on the horizon.
Eminent cryptographers speaking at February’s RSA conference said they hope quantum doesn’t happen any time soon. These individuals, who built classical crypto, said they hold that hope because quantum computing will break their algorithms.
The speakers at RSA were joking. But cybersecurity experts have real concerns about quantum.
This Could Get Spooky
Traditional computing is based on bits, or binary digits. The value of these bits is either one or zero. Transistors in today’s computers work by turning on (one) and off (zero).
Quantum computing is different. It is based on qubits, or quantum bits. A qubit can be either zero, one or a combination of both. With quantum computing, you can have both states existing at the same time. This dual state is known as quantum superposition.
Building a quantum computer also requires a phenomenon called entanglement, what Einstein referred to as “spooky action at a distance.”
Show Me The Equal Money
Entanglement means two particles are connecting in some way so that in observing one you can observe the other even if the particles are kilometers or even light years apart. Some experiments have demonstrated that kind of behavior in a very constrained set of conditions that are extremely tricky to reliably reproduce.
But It Will Help Solve Human Challenges
What’s most important to understand about quantum, however, is that it will enable faster searching.
Mathematician Merill Flood popularized the traveling salesman problem (TSP). TSP highlights the difficulty in optimizing sales routes. Quantum can address such logistics challenges.
I envisage that quantum computers also could be paired with artificial intelligence-based computation to create a very powerful proposition. That could provide the computing power for an automated system to go through different permutations of a virus, for example, and identify vaccines.
This Powerful Technology Will Break Stuff, Too
Any problem that requires faster searching will benefit from a quantum computer. But this presents new challenges because hackers can use quantum computing for their dirty work.
From a computing and security perspective, quantum computing is deemed dangerous because integer factorization and discrete log-type problems can be practically solved. Both are used extensively in today’s classical asymmetric cryptography.
Consider the formula N is equal to P times Q, for instance. If you were to factorize the number N, the factorization would run in time exponential in n, (n being the actual number of bits that N was). That means the complexity or number of iterations to solve the problem is exponential in n and becomes practically impossible to solve using a standard computer for larger numbers.
But with quantum computers, the calculation can be done in time polynomial in n. This means that the computation will complete in a practically feasible time. That makes quantum computing significantly stronger and quicker than traditional computing in terms of running that search.
Bad actors can use that power to break into real-time encrypted communications. Store-now-and-decrypt-later could be one of the other big attacks in a post-quantum world. Sensitive data that was signed or encrypted using an asymmetric scheme will potentially be at risk.
On physical systems, we are vulnerable to a different attack where the integrity of software can be compromised. In the advent of a quantum computer being available, you could break the code-signing signature and load your own code onto the system.
Be Aware Of Risks, And Create Plans To Address Them
Organizations with sensitive data should be aware of these risks. Vendors that create algorithms and produce crypto modules should be exploring solutions to the quantum challenge as well.
Some regulators are holding business leaders’ feet to the fire about this potential for the future. Customers are already asking us what our post-quantum strategy is They, in turn, are being asked the same questions of their own customers.
People want to know about organizations’ strategies to manage this risk.
Some Solutions Are Already in the Works
The National Institute of Standards and Technology (NIST) is working to identify the best quantum-safe algorithms that are less likely to be broken by quantum techniques. That includes the creation of algorithms that are based on symmetric and hash-based schemes or using other approaches, such as code-based, lattice-based and multivariate cryptography.
NIST is accepting and reviewing submissions from the industry. But we’re probably looking at another three to four years before that work is solidified and standardized. The proposed quantum-safe schemes may require larger key sizes and management of state. These create new difficulties, including the need for secure and robust implementations.
Although not directly related to quantum computing, quantum random number generators are gaining the limelight. These produce high-density random entropy that can be useful in select situations, such as seeding multiple virtual clusters in the cloud where quality entropy is required.
Experimentation And Interoperability Will Also Be Key
Vendors like us can help organizations prepare for the post-quantum world by making quantum crypto available for them to experiment with. That way, organizations can take the time to understand how to implement these new post-quantum algorithms.
That’s important because it takes a long time to vet crypto and ensure it works properly.
Once organizations have implemented post-quantum techniques, they should address interoperability. They should work within their communities to align standards interpretations.
Prepare, But Don’t Panic
Recent pronouncements suggesting one industry player has achieved quantum supremacy have some people panicking. But 53-qubit solutions are a long way off from what’s needed to break a crypto algorithm. Estimates suggest we are anywhere from five to 20 years from a post-quantum world. So, there’s no need to panic. But this is an excellent time to create a post-quantum strategy.
If you are worried about how long-term data could be affected by quantum computers, then now is the time to act. Now is the time to review your organization’s assets and understand the impact that quantum computing is likely to have in your environment.