The Impact of Quantum Computing on Cybersecurity
In December 2020, Chinese researchers claimed to have developed the fastest quantum computer in the world. This computer, built using quantum particles and using light as a medium, can perform calculations exponentially faster than classical computers.
What is currently the bleeding edge of computing and scientific research tends to become the norm at some point, and as such security experts are watching these developments closely. Quantum computing could disrupt modern cybersecurity and its reliance on the limitations of traditional computing.
Learn more about what quantum computing is, how it will impact cybersecurity, and how that could potentially impact businesses around the world that rely on traditional cybersecurity.
What is Quantum Computing?
To understand quantum computing, you need to understand some basic concepts about computer hardware and complexity.
Underneath all the sophisticated applications, platforms, and systems, computing is all about 1s and 0s. That’s not a flippant comment (although it often comes out as such). It’s simply to point out how robust and powerful computing is with a relatively simple set of possibilities.
All classical computing works on the concept of binary: binary numbers, binary choices, etc. Data is stored in a hard drive or RAM as 1s and 0s, called “bits”, which are then translated as commands to hardware and software that eventually evolve into computers and software. Likewise, computer logic is also divided into mathematical procedures and simple conditional decisions based on a yes/no or true/false dichotomy.
This logic pervades everything, including hardware, in that all logic and storage rely on binary choices.
The power of this system is also its limitation. Classical computation relies on binary states or logic to make decisions and store data, and over time that system can only support so much computing power. Likewise, classical computers can only support an increasingly limited computing power. That means that complex processes take longer, and longer, the more complex they become.
Quantum computing, on the other hand, harnesses the quantum features of subatomic particles to exist in multiple states at the same time. Instead of having bits that can store a 1 or a 0, you can have a qubit that can store 1 and a 0 at the same time. This means that quantum computers can compute at speeds exponentially higher than their classical counterparts, with less required storage and energy.
What Does Quantum Computing Mean for Cybersecurity?
One of the most important forms of cybersecurity is encrypting data. Modern data security relies on complex encryption that classical computers will never breach within any of our lifetimes. Quantum computing potentially disrupts that.
Consider RSA 2048-bit encryption. This form of encryption uses a mathematical process that renders data unreadable in its original form. The strength of its security isn’t proprietary algorithms, however, as the form of encryption (and public encryption keys) are generally well known. Its strength is that the process produces encrypted data that can only be decrypted by a specific decryption key that cannot be reverse-engineered from an associated encryption key.
Can a hacker brute-force the data without the key? Technically it is possible to do so. AES-128 ciphers have 2^128 potential solutions, which would take a classical computer potentially trillions of years to break.
Recent advances in quantum computing threaten to upend this security. Recently, a Chinese quantum supercomputer performed in minutes a calculation that would take the most powerful classical computer tens of thousands of years to complete.
Quantum computers will, in the future, threaten the traditional order of cybersecurity and encryption by reducing the time and complexity of computations that have helped maintain data security for decades.
What Does Quantum Computing Mean for Your Business and Public Data?
At this juncture, not much. Quantum computers are not generally available to anyone outside of research institutions. Likewise, these computers are expensive and unsustainable in their current form, which means they probably won’t be widely available for some time.
What it does mean, however, is that as these computers become more stable and available at the governmental level, security guidelines and regulations will begin to evolve. While your business most likely won’t have to worry about individuals with quantum computers in the next 20-30 years, it may be more likely that state-enacted cyber threats could leverage the technology for specific applications.
Take governmental businesses. Government cloud platforms and data stores will most likely be at the forefront of any changes that come down the pipeline due to the increasing presence of quantum computing. Similar demands in sectors like healthcare and financial services will surely follow, and those changes would be much more significant than simply upgrading technology.
Are There Ways to Secure Data Against Quantum Computers?
Yes. Currently, both Google and Microsoft have been experimenting with “lattice-based” encryption methods to secure data.
Lattice-based cryptography leverages complex, traditional cryptography to encrypt data. At the same time, it organizes the data in a “lattice” formation, which is similar to a slightly-offset grid pattern. These cryptographic algorithms would encrypt the data and then further hide a decryption hash within the lattice structure in such a way that even a quantum computer could not locate it in a meaningful or useful way.
While this type of encryption is still in its infancy, it is a leading candidate for post-quantum encryption. As both Microsoft and Google have an invested interest in data security, they’ve already begun their research.
Is Quantum Computing Something to Worry About?
The short answer is: not yet, and probably not for a long time.
The longer answer is that quantum computing is still in its infancy. This means that any quantum computer in existence can only run a small number of qubits at a time, and any calculation run with that computer is still prone to substantial errors above and beyond reliable classic computers.
Both the Chinese quantum research team and Google have run experiments with quantum computers from 53 to 59 qubits. A quantum computer that could reliably break complex encryption would require somewhere in the realm of 20 million qubits.
Most importantly, quantum computing most likely won’t destroy cybersecurity in and of itself. With new research and development, technology will adapt to handle new threats. While security challenges may evolve, so too will the tools used to face them.
Quantum computing is coming, albeit in the far-off future. That being said, it’s continued development highlights the importance of maintaining the best security practices outside of simple technological updates. Facing these new threats will call for expert partnerships with companies developing cutting-edge platforms who know what’s coming down the road.
Continuum GRC is proactive cyber security®. Call 1-888-896-6207 to discuss your organization’s cybersecurity needs and find out how we can help your organization protect its systems and ensure compliance.
Want to learn more?