As developments in quantum computing lead to greater computing power, many are concerned about its potential impact on cybersecurity. Whilst it will bring benefits, such as identifying and shutting down cyber attacks more quickly, the negative consequences could be greater.
What is quantum computing?
Quantum computing is based on hardware and algorithms that use quantum mechanics. This is different to current computers that are based on standard electronics. As a result, they are able to solve large, complex problems much more quickly than today’s computers or supercomputers.
Why might this be a problem for cybersecurity?
One of the areas where quantum computers are superior is in digital cryptography, and this is where the problem for cybersecurity lies.
Currently there are two types of encryption commonly used:
- Symmetric encryption, which uses the same key to encrypt and decrypt a piece of data. This is mainly used to encrypt major databases, file systems, and object storage.
- Asymmetric encryption, which uses two different, but mathematically linked keys: one to encrypt (the public key), and one to decrypt (the private key). This is typically used to digitally authenticate messages, documents and certificates.
With modern computers, breaking either type of encryption is very slow and requires a lot of man-power. For example, in July 2002, a group announced that it had uncovered a symmetric 64-bit key. To do this though took more than 300,000 people over four and a half years of work. For longer keys, such as 128-bit, it would take even the fastest supercomputer trillions of years to crack. A quantum computer could solve this in much less time.
How to prepare for quantum computing cyber attacks
To protect symmetric encryption from malicious attacks using quantum computing is fairly straightforward. All that is required is longer keys. A 256-bit key for a quantum computer would be equivalent to a 128-bit key for a modern supercomputer.
For asymmetric encryption, the challenge is greater. By using Shor’s algorithm, quantum computers could decipher this type of encryption in days or hours. As a result, research is being done to develop public-key algorithms that could resist code-breaking efforts from quantum computers. To date, 69 potential new methods are being evaluated.
Whilst the age of commercially available quantum computers is still many years away, we need to begin preparing for these types of cybersecurity attacks now. Because, if cybercriminals are able to break current encryption at scale, people won’t be able to trust any of the information they receive online and the validity of all digital identities will be called into question.