The Impact of Quantum Computing on Cyber Security
When you hear the term "Quantum Computing," you most likely picture another ordinary computer. One that can calculate and compute just as fast, if not somewhat faster than other computers on the market. Maybe you even picture a supercomputer like the ones being built to run Artificial Intelligence and synthesize complex molecules. But in reality, Quantum Computing is not just one step further in the computing revolution. It is a thousand steps further.
A classical computer, like the one you are reading this on right now runs on binary code. In binary, every decision that a computer or machine makes is based off of a combination of two numbers. Zeroes and Ones. These two numbers act as ON/OFF switches, and when combined with hundreds of other zeroes and ones, form basic and advanced computer functions. These functions are built upon hundreds of thousands of logic gates which take at least one binary input and produce one binary output. In today's world these computers perform at record fast speeds, with classical super computers being used all over the world to solve complex problems. But the Quantum Computer is changing computer scientist's definition of fast. Take D-Wave's Quantum Computer for example, which performs 100 million times faster than the average classical computer and 3,600 times faster than a supercomputer according to the Telegraph.
Quantum computers operate on principles of quantum physics, one of the most important being superposition. Instead of using bits, like a classical computer, a quantum computer uses something called qubits. In regards to quantum computing, superposition states that a qubit can exist as a one, a zero, or it can exist as some proportion of both a one and zero at the same time. For example, in a classical computer with 4 bits, there are 16 different combinations of ones and zeros. In this scenario the classical computer would go through each of these 16 combinations individually until a solution to the problem was found. In contrast to this, in a quantum computer with the same number of bits and combinations, the computer could process all 16 combinations at one time. This exponentially increases the speed of operation in comparison to classical computers. This is due to superposition which allows a quantum computer to perform parallel operations on multiple arrangements of qubits.
Another principle of quantum physics that is utilized in quantum computing is entanglement. In quantum computing, entanglement states that the state of two qubits are dependent on one another. Basically what this means, is that if two qubits are entangled, their states are only determined by the state of the other qubit. Entanglement and it's relation to Quantum Computing is very complex so for more information on Entanglement check out the link here.
These extremely fast computers have implications in multiple industries. This leads into the main topic of this article which focuses on how quantum computers are going to effect the cyber industry. For starters, there is encryption.
There are many different popular methods of encryption available today including:
- Triple DES
- RSA
- Blowfish
- Twofish
- AES
These methods of encryption were identified by StorageCraft as 5 of the most commonly used encryption methods used in 2018. As defined by current security standards, these methods of encryption are extremely secure and require massive computing power and speed to crack. For example, a 256-bit encryption has 2^256 different possible combinations. While this may seem like a small number written in exponential form, this number has 78 places. Even with the fastest supercomputer known to man, it would take hundreds of thousands of years to crack this encryption.
This all changes with Quantum Computing.
Because of the ability for Quantum computers to compute processes parallel to each other, the security that has famously been attributed to many methods of encryption will be able to be broken in seconds. In the real world, everything from emails to login information to text messages are encrypted using these methods. This puts data everywhere at risk of being exposed to hackers. Because of this, many cyber security specialists have been left wary of the quantum computing revolution, because of the threats that will be present when quantum arrives. Some even believe that the shortage of workers in the cyber security industry is going to double, maybe even triple as more laborers are needed to secure and encrypt people's data.
But as Isaac Newton once said, "Every action has an equal and opposite reaction"
Despite the fact that the rise of quantum computers will make it exponentially easier to crack common encryption methods, quantum will also allow for much more complex methods of encryption. Because a quantum computer is able to compute much faster than a classical computer, a quantum computer is able to encrypt and decrypt data using much more complicated algorithms. These complicated algorithms will not only thwart quantum based attacks, but also establish secure standards for protecting data in a quantum driven world. But there's one issue. Who is going to build these algorithms?
The United States and other countries all over the world have a growing issue. The shortage of cyber security labor. Every year more and more cyber security jobs go unfilled leaving these countries with a deficit of proper cyber security. This problem is only going to exponentially increase with the introduction of quantum computing. Quantum isn't only going to bring jobs to the engineering and development industries, but also multiple aspects of the cyber industry. Quantum computers introduce a completely new type of system, which means many cyber security jobs will open to protect this new type of system from targeted attack. These quantum computers also introduce the encryption issue described previously in this article, which will open up tens of thousands of jobs in order to secure people's data and personal information. With the shortage that we are already experiencing, it can only be expected to get worse.
What should you walk away with?
In many aspects, quantum computing truly is going to revolutionize the way we as humans process data. With it's ability to process data and run computer functions at record breaking speeds, fields such as artificial intelligence, chemistry, medicine, and many other science and technology fields will be majorly effected. But with this new revolution comes the risk of cyber security. We as cyber security professionals need to start thinking about the implications of quantum on cyber security and how we can best prepare for a quantum driven world. Otherwise when quantum computing arrives, the data that we aim to protect on a daily basis may just be jeopardized...
Sources:
https://www.dwavesys.com/d-wave-two-system
https://en.wikipedia.org/wiki/Quantum_entanglement
https://blog.storagecraft.com/5-common-encryption-algorithms/
https://www.thesslstore.com/blog/what-is-256-bit-encryption/
https://www.csoonline.com/article/3201974/it-careers/cybersecurity-job-market-statistics.html
https://www.research.ibm.com/ibm-q/learn/what-is-quantum-computing
https://en.wikipedia.org/wiki/Quantum_superposition
https://www.cryptomathic.com/news-events/blog/quantum-computing-and-its-impact-on-cryptography
Cover Image:
Agreed! & It's been fun watching the PQC submissions! https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/Round-1-Submissions. We even see some PQC implementations in BouncyCastle https://github.com/gjyoung1974/Post_Qauntum_Crypto_Experiments/blob/master/src/main/java/com/goyoung/utils/crypto/postquantum/demo/HelloWorld.java
NTRU and McElice are the proposed options for PKE although they aren’t performant becoz of the large key sizes and hence for certain use cases, they may not be viable..will have to wait and watch
The article is a bit misleading as it creates a perception that AES will be broken with QC, when it’s not the case. QC obviously would make AES 256’s security cut down by half (as offered by AES 128) and hence doubling the size of keys will be a way to mitigate the threats.
Nice write-up. Quantum Computing is going to change a lot of things. And it is now a matter of when, not if, quantum computers (QC) will arrive in full force. There are a couple of points that are worth making here with regard to the threat to encryption. The first is that not all types of encryption are equally vulnerable. Public key encryption (PKE) is extremely vulnerable because QC will be able to almost instantly factor the semi-prime numbers that are the lynchpin that secures PKE. Think of it this way - all SSL/TLS encryption of traffic will basically melt once there is a QC strong enough to factor the public keys that enable PKE. But AES, Blowfish, and Twofish are symmetric key encryption algorithms, and those are not as susceptible to QC. (I left DES out, because that should not be used anymore due current weaknesses.) QC is expected to basically halve the effective key length for AES, meaning a 256 bit key will be as effective as a 128 bit key. That's still pretty good, and increasing symmetric key lengths is usually not a big deal, so 384 or 512 bit keys will buy us some time. But unlike PKE, symmetric encryption algorithm requires that you get shared keys between two or more endpoints. Unfortunately, the way we do that today is via... PKE. So, if PKE breaks, and you are using that to share symmetric keys, you are really not securing any data. That is why NIST is looking now at "Quantum Safe" replacements for current PKE algorithms.
Geordie Rose's prediction concerns me. If machines can do things better than humanity "with everything", why will humans need to be employed? https://youtu.be/YgFFIXckS0Y?t=14m8s