One of the factors that makes cybersecurity such a dynamic and interesting discipline is that wider technological evolutions often lead to ripple effects within the cybersecurity industry. One such evolution is the impending arrival of quantum computing, which has the potential to initiate seismic shifts in many areas. This article examines quantum computing in cybersecurity with a particular emphasis on potential threats and benefits.
Quantum computing uses the power of quantum mechanics to perform calculations and solve certain problems that traditional computers struggle with. Underneath the hood of any modern computer, the system uses binary code to function. The most basic unit in computing is a bit, and its value is either 1 or 0. In quantum computing, the most basic unit is a qubit.
Ask any quantum physicist and they’ll tell you the universe behaves very strangely at the smallest scales. One rather quirky feature of the quantum universe is that quantum systems can be in multiple states simultaneously (superposition).
Quantum computing, with its qubits, leverages the inherently probabilistic nature of the small–scale universe to become potentially far more powerful. Instead of a normal bit that can only be 0 or 1, each qubit can be 0,1 or some combination thereof. The result is that intractable computing problems become eminently more solvable.
Without getting too bogged down in the intricate details that even professional physicists regularly struggle to explain, quantum computing poses difficulties in moving from concept to large-scale realization because qubits are unstable. Qubits need high levels of isolation from the surrounding environment and significant cooling, otherwise, the information degrades rapidly. Furthermore, the high susceptibility of quantum calculations to “noise” calls for innovative approaches to error correction.
Given the feats of engineering marvel required to create quantum computers, it’s tempting to conclude that the production of such systems on a widespread scale is far off. But with behemoth technology companies investing heavily in research and development alongside some prestigious universities, the quantum revolution might be closer than it seems.
In 2021, IBM revealed it created a quantum computer composed of 127 qubits, which easily surpassed the previous record of 65 qubits. This led to predictions that quantum systems will start to outperform traditional computers at certain tasks within two years.
There are still a number of hurdles to overcome, but comparisons with other notable technological advancements over the last century demonstrate that once the ball gets rolling, it’s hard to slow down.
With such a nascent and developing field of research, nobody quite knows the full implications of quantum computing in cybersecurity (or in many other disciplines). Things move fast in the world of technology and on many fronts, but here are two implications worth pointing out.
Easily the most publicized possible impact of quantum computing falls within the realm of cryptography. And it’s for good reason that this gets attention—encryption is the first and last defense for sensitive data and communications.
Quantum computing has the potential to easily break current encryption systems, such as public-key cryptography, which relies on essentially multiplying two very large prime numbers together. Modern computers can’t decrypt data protected this way within any kind of timeframe that a threat actor has on their hands; a typical RSA-2048 bit encryption key would take an average computer something like 300 trillion years to work out. Research from Sweden shows an imperfect quantum computer with 20 million qubits could crack this key in just 8 hours.
If even the most cautious estimates prove accurate, the world may well see a quantum computer capable of breaking public key encryption within the next decade. In all sectors of society, this is a worrying thought for individual privacy. At the federal level, where encryption protects information related to national security, the prospects are even gloomier.
Several post-quantum cryptographic algorithms already provide a possible defense against these hypotheticals. The problems are twofold: standardizing an algorithm and getting organizations and businesses to start taking action now in the face of future threats with an undefined timeline.
On the first problem, the U.S. National Institute of Standards and Technology (NIST) is already deep into the process of selecting new quantum-resistant public-key encryption algorithms. It’s then up to relevant organizations and businesses to protect their data using these new standards before malicious actors get their hands on a sufficiently powerful quantum computer. Experience shows that these transitions often don’t happen quickly enough to prevent avoidable outcomes.
Quantum-Enhanced Machine Learning
On a more positive front, quantum computing is capable of dramatically improving machine learning processes. Machine learning already contributes impressive use cases to cybersecurity, including predicting attacks or identifying anomalies that indicate threats.
Quantum machine learning applies quantum computing to machine learning algorithms with the result being far greater efficiency and accuracy. The use of quantum-enhanced machine learning may arm organizations with defenses against novel cyberattack methods. One small case study from 2021 found intrusion detection performance of close to 100% for quantum computing methods against DDoS attacks.
Quantum computing in cybersecurity seems somewhat of a double-edged sword, with a likelihood of causing both harm and benefit. Mitigating the most deleterious possibilities depends largely, as with many other cybersecurity threats, on proper risk management.
Organizations wanting to prepare for quantum computing need to start mapping out a risk management plan. Take an inventory of any encrypted systems, communications and data at risk from quantum-based cryptography breaches. Using this inventory, set a deadline for moving to alternative measures when they become standardized, starting with the most high-risk information.
Speak with an expert today about quantum computing.