The potential threat of quantum computing
Quantum computing – the next evolution of computing power – complete with threat.
Quantum computing by its very nature is set to revolutionize how we think about computers and how we use them. But if the tech world knows one thing down to the chill in the marrow of its bones, it’s that every opportunity brings the shadow of a threat in its wake – and vice versa.
In September, 2022, UN Secretary-General António Guterres included quantum computing among his list of perceived techno-threats for the times in which we live, claiming it could “destroy cybersecurity.”
The idea of any single breakthrough being able to destroy the whole notion of cybersecurity sounds like the plot of an as-yet-unmade James Bond movie (Hey, Eon Productions Ltd – call us).
We sat down with Dr Ali El Kaafarani, a research fellow at Oxford University’s Mathematical Institute, and founder of PQShield, to ask him whether the sky was really falling in.
THQ:
What exactly is the threat of quantum computing? Among everything else there is to worry about, what’s the scope and the scale of the quantum threat? Why should we take it seriously?
AEK:
Quantum computers will have the power to solve computational problems that were previously thought impossible for a standard computer to crack. While this presents many opportunities, it also poses a significant security risk as it renders the traditional encryption methods used to protect virtually all of the world’s sensitive information obsolete.
Important and sensitive data, even when encrypted, is constantly being stolen and stored by bad actors who hope to decipher it one day. This is known as a “harvest now, decrypt later” attack. When powerful quantum computers arrive, all our data will be vulnerable to this kind of retrospective attack.
According to the US National Academy of Sciences, an initial quantum computer prototype capable of breaking current encryption methods could be developed in the next decade.
THQ:
Well… that’s pretty chilling.
AEK:
For nation states, the intelligence value of reaching this threshold is almost impossible to quantify. NIST says that once this threshold has been crossed, “nothing can be done to protect the confidentiality of encrypted material that was previously stored by an adversary.” That’s why data needs to be protected with quantum-resistant encryption today, even before these machines are a reality.
THQ:
So, when the Secretary-General said quantum computing could destroy cybersecurity, there wasn’t even a hint of hyperbole in there? Any idea when within the next decade this could happen?
AEK:
According to Booz Allen Hamilton, “the anticipated cracking of encryption by quantum computers must be treated as a current threat.” Only late last year, top former US national security officials including the Deputy Director of National Intelligence, warned the world that the danger of these types of attacks was ‘immediate.’
THQ:
Well… it’s been nice sleeping at night. So, for instance, how do businesses that want to outlive this development assess their vulnerability to quantum attack? What stages does such an assessment come in?
AEK:
There are many who recognize the seriousness of the quantum threat but don’t actually know how to go about protecting themselves against it, or who feel overwhelmed thinking about the overhaul associated with migrating their systems to meet a new set of standards.
THQ:
We can imagine the overwhelm, certainly.
AEK:
However, if you break it down into smaller steps, the migration process is not so daunting. Transitioning from cryptosystem to cryptosystem is no trivial task, which is why it is best to start as early as possible.
As the NIST National Cybersecurity Center of Excellence (NCCoE) points out: “It is critical to begin planning for the replacement of hardware, software and services that use public-key algorithms now, so that the information is protected from future attacks.”
Switching from one cryptosystem to another within a given security solution is unlikely to be a simple drop-in task, particularly for businesses that haven’t even begun planning for the post-quantum transition, which is likely to be the biggest cryptographic transition in decades.
THQ:
So… we’re thinking this is not a particularly straightforward job?
AEK:
Well, the ease or difficulty with which certain cryptographic algorithms can be switched out in embedded hardware and software will determine the speed with which a transition can be achieved. Crypto-agility allows for a smoother transition between standards. If a system is crypto-agile, it means it is built with flexibility and futureproofing in mind, with cryptographic algorithms that are easy to update and replace over time with minimal disruption to the overall system.
THQ:
So the more agile a business is – and the sooner it starts getting to grip with the invisible ticking clock of the quantum threat – the more likely it is to be able to ride out the new paradigm?
Once businesses have an understanding of their quantum computing vulnerability, what can they actually do about it?
AEK:
We don’t yet know for certain that a high-functioning quantum computer exists, because it is not unfeasible that a bad actor would choose to conceal its existence in order to maintain its technical advantage – along with the element of surprise. The prudent way forward is to start preparing for the worst now because it’s a question of when, not if.
Post-quantum cryptography standards were announced in July last year. The first draft standards will be published in the next couple of months, with the final versions ready in the first half of 2024. In the meantime, it is possible and advised to use hybrid cryptography libraries that can support both classical and post-quantum standards in the transition phase.
In the meantime, businesses can ensure that their cryptography is FIPS 140-3 compliant. FIPS 140-3 is a good stopgap to aim for until more tailored standards are introduced, and because it is a mandatory standard for the protection of sensitive data within US and Canadian federal systems, it is a prerequisite for any contractors that want to do business with these governments.
Another place to look is the Department of Homeland Security, which published a post-quantum cryptography roadmap – a useful guideline for establishing a transition plan before standards are finalized.
THQ:
Are we confident that NIST’s new cryptographic standards are sufficient to meet the quantum threat of today? And is the threat likely to evolve as we go forward?
AEK:
Because the future capabilities of quantum computers remain an open question, NIST has taken a variety of mathematical approaches to safeguard encryption. Each mathematical approach has different advantages and disadvantages in terms of its practicality, implementation and design.
The logic to all this is that future research may discover new attacks or weaknesses that can be exploited to render any one particular algorithm obsolete. It’s why NIST may ultimately choose multiple algorithms to standardize – and hold another handful close at hand as backup options.
THQ:
If, as we gather, the threat is likely to evolve, how do we prepare now to meet it? What’s the scope for quantum cryptographic security over, say, the next five years?
AEK:
Meeting the threat relies on implementing post-quantum cryptography. So, naturally, in the next five years, we’ll see different sectors moving to adopt post-quantum cryptography. In some cases, this won’t be by choice – they will be following mandatory timelines set out by the US Government and others.
Remember, according to the US National Academy of Sciences, a quantum computer prototype capable of breaking current encryption methods could be developed within the next decade.
By 2030, it will surprise no-one if there are fully functioning quantum computers already.
Dr Ali El Kaafarani, CEO of PQShield.
5 March 2024
