Quantum computing is coming – will cybersecurity be compromised?

In 1980, American physicist Paul Benioff published a theoretical model of a machine capable of performing mathematical calculations by utilising the principles of quantum mechanics (Benioff, 1980). The concept was the starting point for the development of quantum computers. 40 years later, the dream of quantum computing is closer to reality than ever.

At the end of 2019, Google and the U.S. National Aeronautics and Space Administration (NASA) announced that the Sycamore quantum computer had performed a calculation in just a few minutes that would be practically impossible for the world’s most powerful classical computer to solve. Even though Google’s competitor IBM rushed to criticize the experiment and denied the significance of the results, Sycamore’s achievement represents a key milestone in the development of quantum computing. Quantum supremacy – an era where quantum computers can perform tasks that ordinary computers cannot – has been reached or is at least very close.

The potential benefits of quantum computers are enormous. It is estimated that quantum computing will have wide-ranging effects on all aspects of society. Although we still need to wait for extensive practical applications until at least the 2030s, it is worth considering how the quantum computing transformation will affect cybersecurity and how we should prepare for this new era.

Compared to traditional computers, quantum computers are unique beasts. Their efficiency is not based on the speed and large number of consecutive calculations, as is the case with ordinary computers. Thus, even the fastest quantum computers do not offer a substitute for classical computers. Quantum computing enables a completely different approach to solving certain types of computational problems that are particularly difficult for classical computers.

By utilising the laws of quantum physics, quantum computers can simultaneously perform an immense number of computational tasks. If the problem to be solved is formulated in such a way that the results of non-relevant calculations cancel each other out, the correct answers can be quickly found from the enormous sea of simultaneous calculations.

To paraphrase Mikko Möttönen, Associate Professor of Quantum Technology at Aalto University, a quantum computer can be used to find a needle in a haystack with a single glance. Quantum computers will be particularly well-suited for solving various optimization problems. Applications such as climatology forecast model sensitivity analysis, smart traffic route finder algorithms and modelling of molecular structures for medical biochemistry are examples of areas in which quantum computers will probably allow us to make great advances in the future.

Quantum computers have a darker side

However, quantum computers also have a darker side, as technologies often do. In the world of cybersecurity, the above-described ability of quantum computers to find a needle in a haystack provides a skeleton key that can unlock most locks in our modern information society.

The reason for this is that methods of encryption and identification used in our current information society are largely based on the fact that certain calculations are asymmetrically difficult for classical computers. In other words, although it is difficult to find the correct solution, verifying the provided answer is quick. Quantum computers only need one glance to find encryption keys that are difficult to find but easy to verify, because quantum computers can also reverse the problem in order to solve it.
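The asymmetry described above can be made concrete with integer factoring. The following is an added illustration, not part of the original report: it uses constructed toy numbers and plain trial division (an assumption made for simplicity; real classical attacks are faster than this but still impractical at real key sizes), and all function names are hypothetical.

```python
import math

def find_factor(n: int) -> tuple[int, int]:
    """The 'hard' direction: search for the smallest factor of n.
    Returns (factor, trial_divisions); factor == n means n is prime."""
    if n % 2 == 0:
        return 2, 1
    steps = 0
    for d in range(3, math.isqrt(n) + 1, 2):
        steps += 1
        if n % d == 0:
            return d, steps
    return n, steps

def verify(n: int, p: int, q: int) -> bool:
    """The 'easy' direction: a single multiplication, whatever the size of n."""
    return 1 < p < n and p * q == n

def next_prime(n: int) -> int:
    """Smallest prime strictly greater than n (only used to build sample input)."""
    n += 1
    while n < 2 or find_factor(n)[0] != n:
        n += 1
    return n

def make_modulus(bits: int) -> tuple[int, int, int]:
    """Constructed toy modulus: product of the two primes just above 2**bits."""
    p = next_prime(2 ** bits)
    q = next_prime(p)
    return p, q, p * q

def search_cost(bit_sizes=(8, 10, 12, 14, 16)):
    """For each prime size, count the work to find a factor of n = p*q."""
    rows = []
    for bits in bit_sizes:
        p, q, n = make_modulus(bits)
        factor, steps = find_factor(n)
        assert verify(n, factor, n // factor)   # checking the answer is one multiply
        rows.append((bits, n, factor, steps))
    return rows

if __name__ == "__main__":
    for bits, n, factor, steps in search_cost():
        print(f"{bits:2d}-bit primes: n={n:<11d} factor={factor:<6d} trial divisions={steps}")
```

Every two extra bits in the primes roughly quadruples the search, while checking a proposed answer remains a single multiplication.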

At the moment, there are still major challenges related to practical applications of quantum computers that arise from issues such as uncertainties related to the quantum world. We will probably need to wait a good while for practical applications of quantum computing. According to most estimates, their development will take another 15–20 years.

However, we should keep in mind that the power of quantum computing also involves national interests and its development is not necessarily made public. Michael Morris, CEO of Topcoder, aptly stated that information about the greatest practical advances made in quantum computing may not leak out to the public until they have eventually been used as a tool of cyber warfare to break encryption methods.

Although quantum technology can be expected to pose huge challenges for cybersecurity, it also offers potential solutions to any problems arising from its use (Mone, 2020). Since 2016, the National Institute of Standards and Technology (NIST), which operates under the United States Department of Commerce, has worked to develop standards and implementation instructions for quantum-resistant cryptography. Even though dozens of different cryptographic methods were assessed, not a single method that could directly replace current encryption methods was discovered (Barker et al., 2020). It appears that quantum-resistant cryptography will require, to at least some extent, replacement of physical equipment and current information systems.

Commercial systems capable of quantum encryption key distribution are already available on the market. However, the prices of quantum-protected connections are in the hundreds of thousands of euros, which means that we will have to wait for a while for more extensive practical applications.

Systems capable of quantum key distribution cannot be scaled efficiently and might never become widely available to consumers. However, the construction of quantum-protected networks, which are based on fibre optic and satellite connections, has already started in China, Europe and the U.S.A. (Korolov & Drinkwater, 2019; Möttönen, 2020).

Information systems and their encryption methods should be updated to quantum-resistant cryptography.

In order to prepare for cyber threats of the quantum era, society should quickly prepare a plan on the order in which information systems and their encryption methods should be updated to quantum-resistant cryptography, starting from the most critical systems. Sectors with long equipment life cycles should also start considering quantum cryptography compatibility for the entire life cycles of their equipment and systems (Barker et al., 2020).

Certain cybersecurity measures must also be reconsidered at the threshold of the quantum computing era. It is already worth thinking about how data encrypted today will look in the future if it suddenly becomes public in 15 years. If sensitive data encrypted today falls into the wrong hands tomorrow, decryption of the data in the following decades cannot be prevented (Barker et al., 2020).

For example, in recent years leaks of sensitive documents, such as diplomatic cables published by Wikileaks, have shown the impacts that can result from sensitive documents being made public years later. Media has recently speculated that facilities such as the massive data centre established in Utah by the U.S. National Security Agency (NSA) are intended to serve this particular purpose. All obtained encrypted data is stored in data centres to wait for the future development of new decryption methods (Bamford, 2012).

If current encryption methods break, the reliability of electronic signatures in their current form is also jeopardised. For example, if contracts are signed using electronic signatures alone, how can we verify the validity of today’s electronic signatures in future decades?

Moreover, not all possibilities of quantum computing are yet completely understood. It is possible that a quantum computing algorithm developed in the future will be able to break an encryption method that is currently considered to be quantum-resistant. Therefore, we should never blindly trust protection provided by quantum-resistant cryptography or cryptographic methods in general.

We should also remember that, whether or not a system is quantum-resistant, its weakest link will continue to be its most fallible element – the person using the system. Not even quantum-resistant cryptography can provide protection against this weakness.

 

References:

Arute, F., Arya, K., Babbush, R. et al. (2019). Quantum supremacy using a programmable superconducting processor. Nature 574, 505–510. https://doi.org/10.1038/s41586-019-1666-5.

Bamford, J. (2012). The NSA Is Building the Country’s Biggest Spy Center. [Online news]. Available: https://www.wired.com/2012/03/ff-nsadatacenter/ [Accessed 4.6.2020].

Barker, W., Polk, W. & Souppaya, M. (2020). Getting Ready for Post-Quantum Cryptography. NIST Cybersecurity White Paper (Draft), 26.5.2020. Gaithersburg, MD, USA.

Benioff, P. (1980). The computer as a physical system: A microscopic quantum mechanical Hamiltonian model of computers as represented by Turing machines. J Stat Phys 22, 563–591. https://doi.org/10.1007/BF01011339.

Korolov, M. & Drinkwater, D. (2019). What is quantum cryptography? It’s no silver bullet but could improve security. https://www.csoonline.com/article/3235970/what-is-quantumcryptography-it-s-no-silver-bullet-but-could-improve-security.htm [Accessed 4.6.2020].

Mone, G. (2020). The Quantum Threat. Communications of the ACM 63(7), 12–14. https://doi.org/10.1145/3398388.

 

 

Reference: Mattila, Juri – Mäkäräinen, Kalle – Pajarinen, Mika – Seppälä, Timo – Ali-Yrkkö, Jyrki – Tervo, Elias (2020). Quantum computing is coming – will cybersecurity be compromised? In Digibarometer 2020: The status of cybersecurity in Finland. pp. 41-44. Helsinki: Taloustieto Oy.