The Threat of Quantum Computing

Solutions Review’s Contributed Content Series is a collection of contributed articles written by thought leaders in enterprise software categories. Zibby Kwecka of Quorum Cyber examines the current and future states of quantum computing, and the inevitable threat of a quantum attack.

The threat of quantum computing is very real, today. As of July 2022, 25 percent of Bitcoin and 66 percent of Ether are vulnerable to quantum attacks (Deloitte, 2023). These can be secured with action, however, even if a small number of these currencies are stolen, the market disruption may significantly devalue assets. Quantum computers have the potential to solve certain complex mathematical problems significantly faster than classical computers. One of the most notable implications is their ability to break encryption algorithms that rely on the difficulty of factoring large numbers or solving logarithm problems. There are theoretical methods to crack our current encryption methods that would be possible on a conventional computer, however widely inefficient. Quantum will allow the cracking of keys thousands of times more efficiently, making it possible to break today’s encryption in just a few cycles. Thankfully, for now, scale remains a problem for quantum computing.

Once quantum computers become a tool that’s commercially available and matured, it’s expected attackers will take advantage of this to break current encryption methods, creating a significant risk to the security of our sensitive data. Using this technology as a platform for an attack is a concern for organizations, not just on the cryptography front. The threat of quantum computing becoming part of an actor’s offensive toolbox is likely. Taking advantage of decryption techniques, forging certificates, or its potential ability of rapid machine learning, could vastly speed up network recon and eavesdropping, and forging identities.

The Threat of Quantum Computing

The Development State of Quantum Computing

Just because quantum computing isn’t here yet doesn’t mean we shouldn’t be aware of the risk. Data may already have been stolen, or ‘harvested’, for later yield. While it may not be currently feasible to decrypt your data yet, once it becomes a viable and affordable measure through quantum computing, harvested data and communication traffic could be decrypted. This may be assisted by projects from Microsoft and IBM aiming to offer cloud-based multi-quantum computing facilities on a consumption model.

The National Institute of Standards and Technology (NIST) has been calling for the development of encryption methods that would remain resistant to the advantages of quantum computing, with the first four quantum-resistant cryptographic algorithms announced back in 2022 (NIST, 2022). There is a future of using quantum computers to vastly improve our digital security, but there’s a risk of being in a very dangerous limbo between the threats posed and the future of greater security. Currently, there are several limitations preventing development at scale, which may take years to overcome.

The Inevitable Threat of a Quantum Attack

The most likely quantum attack would involve breaking cryptographic systems of communication methods we use today. This isn’t just a future problem; however, it’s happening already. The widely known ‘Harvest Now, Decrypt Later’ operations store stolen information that will later be decrypted using advanced technology. This might be years away, but depending on the sensitive information, it could still enable extortion against organizations or individuals. It’s a compelling argument to encourage businesses to purge old data that’s no longer required.

Future cyber-attacks will involve hybrid approaches that combine classical and quantum computing techniques. Quantum computers are great at operating in parallel states, and thus, it would be natural to apply them to fuzzing systems and finding vulnerabilities. The added fuzzing ability of quantum computers could drastically speed up attacks aiming to penetrate a system. Fuzzing tests programs by using numerous randomized inputs, and could be a perfect use for quantum machines.

The AI-Assisted Evolution of Post-Quantum Cryptography

Current RSA encryption relies on 2048-bit numbers. In 2019, quantum computers were only able to factor a 6-bit number. In 2022, that number only increased to 48-bits under a highly specialized environment (Swayne, 2022). There is the expectation within the next 10 years we could be at a point where current encryption methods are at risk. The current development is exponential (Deloitte, 2023). A recent mandate from the US Congress declares a 2035 deadline for quantum-resistant cryptography to be implemented (Executive Office of The President, 2022), but it could be sooner.

The exponential development of artificial intelligence (AI) underway may, at some stage, support scientists in solving some of the challenges currently faced. For a quantum computer to undertake a task the problem statement must be translated into a format a quantum computer can actually work with first. This is a laborious task, and hence apart from the high cost of entry to the quantum computing attacks because of the hardware costs, there is an even higher ongoing cost associated with translating targeted problem statements into something that can be tested. This is why cryptographic use cases are currently prevalent when quantum is discussed. They are repetitive, as we only use a handful of cryptographic algorithms to secure the digital world. However, AI will one day enable us to rapidly create translations of human-readable problem statements, and software to be tested, into the code that can be processed by a quantum computer, and this is when the full capabilities of this technology will be reached.

Preparing Yourself for the Quantum Future

There are several actions that should be considered:

• Stay aware of those impending cryptography-related risks and actively monitor quantum developments
• Review cryptographic management processes
• Maintain and update cryptographic algorithms
• Develop a roadmap for changes to cryptographic mechanisms required to keep organizational data safe
• Consider purging or taking off-line historical data where its main protection relies on encryption
• Consider user and machine authentications in the space where quantum computing is available on-demand.

Final Thoughts

To start using quantum machines to solve real-world problems, we feasibly need a machine capable of at least 1 million stable qubits (Microsoft, 2023). Currently, the qubits in existence suffer at scale for several reasons, one of which is quantum decoherence making each qubit only available for a short period of time. As far as research goes, we’ve only just reached over 100 qubits (Ball, 2021). Until these challenges are overcome the use of quantum computing is limited.