Quantum computing: The double-edged sword for cybersecurity
Quantum computing may soon undermine existing cryptographic techniques. Aline Gouget, technical advisor and security researcher for Gemalto, shares the steps that have been taken to ensure that the arrival of quantum computing is something to be welcomed rather than feared.
Quantum computing is quickly moving from science fiction to reality. Large companies and countries are investing heavily to become first movers in commercial quantum computing, which is expected to have a dramatic impact on several industries in the next decade. China, for instance, is building a US$10 billion National Laboratory for Quantum Information Sciences in Hefei, which will focus on developing quantum computers and related technologies.
With such investments in place, IDC believes that quantum computing will be commercially available through cloud services in three years' time and that its global market will exceed US$10 billion by 2027. Another report, by Tractica, estimates that North America will be the leading region for quantum computing adoption with US$718.3 million in revenue by 2025, followed closely by Europe (US$695.8 million) and Asia Pacific (US$650.9 million). In fact, Alibaba Cloud (in partnership with the Chinese Academy of Sciences) is already offering such services today to enable businesses to experiment with quantum applications in a real environment and accelerate the development of future quantum computers.
But what is quantum computing and why is it important? To put it simply, quantum computing is set to redefine the limits of data processing power. In doing so, it will offer vast potential to tackle an array of critical scientific challenges.
Quantum computing rewrites the rule book
What's unique about quantum computing is the radically new way it performs data calculations. Since the 1960s, computing has relied on silicon transistors to store and manipulate data that is encoded as a series of zeros and ones. Quantum computing, in contrast, exploits the ability of sub-atomic particles to exist in more than one state at a time. Consequently, it encodes data in quantum bits or 'qubits', which can be likened to a sphere. While a traditional bit can only be at either of the sphere's two poles, a qubit can exist at any position on the sphere, enabling more data to be stored and manipulated far more quickly. With such capabilities, quantum computers are poised to solve problems that traditional computers never could.
Breaking the unbreakable
Time and time again, we've seen instances of ground-breaking technologies being exploited by those with less than pure intentions. Quantum computing is no exception, with Michele Mosca from the Institute for Quantum Computing recently stating that there is "a one in seven chance that some fundamental public key cryptography will be broken by quantum by 2026, and a one in two chance of the same by 2031."
Cryptographic algorithms are classified according to characteristics, such as the type of underlying mathematical functions they are based on, the type of usage they are designed for (e.g. protecting data exchange or the creation of a secret), or the type of secret management required (i.e. one secret key, or a public and private key pair).
Of these, the algorithm families that may be weakened by the deployment of quantum computing are mainly public key-based methods, such as RSA and elliptic-curve cryptography for PKI applications, and key exchange schemes such as Diffie-Hellman. While this represents a serious headache, since much of today's secure communication relies on some of these cryptographic algorithms, the good news is that leading industry players have recognized the issue early and are already taking steps to address it.
Some industry players have already rolled out strategies to protect products over their entire lifecycle. Gemalto, for example, is working on the design of products that embed a so-called crypto agility capability, which enables new software to be loaded to replace keys and algorithms as and when they become deprecated. This powerful mechanism enables a fleet of resistant products to be maintained, even as algorithms are found to be vulnerable.
The other axis of defence resides in the choice of algorithm family. Broadly speaking, there are three main approaches to ensuring resistant products:
- Implementing symmetric key algorithms with larger keys (approximately doubling the current average key size), which are well known for resisting quantum computing;
- Deploying proven quantum-safe algorithms which have already demonstrated their robustness, such as hash-based signatures; or
- Implementing a subtle combination of both pre- and post-quantum algorithms.
The last option is notable, as it adopts a more forward-thinking approach while retaining the existing effective crypto that the security industry has well and truly mastered.
A matter of teamwork
Protecting the future of public key encryption means finding algorithms that can resist the power of quantum computing yet remain secure when used with a 'classic' computer. This is what the sector refers to as 'quantum-safe' or 'post-quantum' crypto. So far, various research teams have submitted over 80 proposals of new public key cryptographic systems that meet the criteria to the US National Institute for Standards and Technology (NIST) for evaluation. Once the proposals have been vetted, standardization work will be initiated. NIST expects to deliver solid results at its second post-quantum cryptography standardization conference in 2019.
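The hash-based signatures named above among the quantum-safe options can be illustrated with a Lamport one-time signature, the simplest scheme of that family, whose security rests only on the hash function (SHA-256 here). This is an added example, not code from the article or from Gemalto, and it goes beyond the text by picking one concrete scheme; the names keygen, OneTimeSigner and verify are assumptions chosen for illustration.

```python
import hashlib
import secrets

N = 256  # one secret pair per bit of the SHA-256 message digest

def _h(data):
    return hashlib.sha256(data).digest()

def _bits(message):
    """Bits of SHA-256(message), most significant bit first."""
    digest = _h(message)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(N)]

def keygen():
    """Private key: N pairs of random 32-byte secrets. Public key: their hashes."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(N)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

class OneTimeSigner:
    """Holds a private key and refuses to sign twice: every signature
    reveals half of the secrets, so reuse would let a forger mix them."""

    def __init__(self, sk):
        self._sk = sk

    def sign(self, message):
        if self._sk is None:
            raise RuntimeError("one-time key already used")
        # Reveal, for each digest bit, the secret matching that bit's value.
        sig = [self._sk[i][bit] for i, bit in enumerate(_bits(message))]
        self._sk = None  # destroy the key so it cannot be reused
        return sig

def verify(pk, message, sig):
    """Hash each revealed secret and compare with the published hash."""
    if len(sig) != N:
        return False
    ok = True
    for i, bit in enumerate(_bits(message)):
        ok &= secrets.compare_digest(_h(sig[i]), pk[i][bit])
    return ok

if __name__ == "__main__":
    sk, pk = keygen()
    msg = b"constructed sample message"
    sig = OneTimeSigner(sk).sign(msg)
    print(verify(pk, msg, sig), verify(pk, b"tampered", sig))
```

Each key pair signs exactly one message and the signature is 8 KiB, which is why deployable hash-based schemes layer many one-time keys under a Merkle tree.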
Keep in touch
Back in the dark days of World War Two, a remarkable international group of Allied codebreakers based at Bletchley Park in England successfully unlocked the 'unbreakable' Enigma machine ciphers with which much of their enemy's communications were secured. To help them do so, they created a landmark piece of electro-mechanical equipment, the 'bombe'.
Over 70 years later, another new generation of technology is poised to undermine supposedly infallible cryptographic techniques. However, the key message here is not just about the willingness of the wider industry to research and implement new forms of protection against this latest threat. Quantum computing – or at least the quantum physics on which it is based – will also open the door to completely new approaches to data security. Even though it's still very early days, it is worthwhile for those with an interest in encrypted communication to stay abreast of developments.
In other words, don't just keep calm and carry on; stay tuned as well.